Preface



The Italian Conference on Theoretical Computer Science (ICTCS) is the conference
of the Italian Chapter of the European Association for Theoretical Computer
Science (IC-EATCS), which takes place every three years. The conference aims at
enabling computer scientists, especially young researchers, to enter the EATCS
community and to exchange ideas and results, as well as theory-based practical
experiences and tools in computer science.

This was the seventh Italian Conference on Theoretical Computer Science,
and its main topics included analysis of algorithms, automata, computability,
computational complexity, cryptography, data types and structures, design of
algorithms, formal languages, foundations of functional programming, foundations
of logic programming, new computing paradigms, parallel and distributed
computation, program specification, program verification, term rewriting, theory
of concurrency, theory of data bases, theory of logical design and layout, theory
of robotics, theory of knowledge bases, type theory, semantics of programming
languages, security, and symbolic and algebraic computation.

ICTCS 2001 was held in Turin, Italy, October 4-6, 2001. Previous conferences 
took place in Pisa (1972), Mantova (1974 and 1989), L’Aquila (1992), Ravello 
(1995), and Prato (1998). 

The Program Committee selected 25 papers out of 45 submissions, all of 
them in electronic format. Their authors are from 11 countries, from all over 
the world. Each submission was sent to three Program Committee members, 
assisted by their own referees. 

The selection meeting took place as an electronic forum. To permit a deeper
evaluation of the papers, the Program Committee split them into two subject
areas for the preliminary discussion, according to the two tracks of the Journal
of Theoretical Computer Science, which are "Algorithms, automata, complexity,
and games" and "Logic, semantics, and theory of programming", and which
reflect the main division in research topics within the community. Then, to
preserve the unifying aspects of research in theoretical computer science, all the
papers were evaluated again and all the decisions were taken together.

We would like to warmly thank all the people who submitted their papers 
to the conference, the Program Committee members, and their referees for their 
invaluable contribution. 
A LTS Semantics of Ambients via Graph Synchronization with Mobility*



GianLuigi Ferrari, Ugo Montanari, and Emilio Tuosto 

Dipartimento di Informatica, Università di Pisa
{giangi,ugo,etuosto}@di.unipi.it



Abstract. We present a simple labelled transition system semantics of
Cardelli and Gordon's Ambient calculus. We exploit a general and flexible
model based on (hyper)graphs, where graph transformation is obtained via
(hyper)edge replacement and local synchronization with mobility. In addition
to tree-like ambients, the calculus we define works just as well with graph-like
ambients, which are a more realistic model of internetworks.



1 Introduction 

Foundational research on global computing aims at describing, modeling and
analyzing the complex interactions taking place in internetwork applications
encompassing several physical networks, multiple administration domains and
a variety of possible users. Several models have been proposed to tackle the new
computational phenomena. They usually take the form of distributed process
calculi (e.g. Join calculus [7], Ambient calculus [2]), of specialized program logics
(e.g. Mobile Unity [13], Mobadtl [6]), and of Linda-like coordination languages
(e.g. KLAIM [4], Lime [12]), to mention a few.

Most models mainly focus on the spatial structure of global computing. To
reflect the idea of administration domains, they exhibit explicit localities, which
help model distributed computations and the discovery of network resources
and services. These features distinguish the models of global computing from the
traditional models (and paradigms) for distributed programming (e.g. CORBA),
the motto being network awareness: localities are under the programmer's control.

However network awareness is only one relevant tile of the mosaic of global
computing. Another important aspect concerns the temporal structure of the
applications. The run-time environment typically interleaves computational
activities with structuring and managing activities. The temporal structure of
applications takes care of describing application rearrangements and security checks.
A proper understanding of both spatial and temporal structures is clearly needed
to allow formal verification of applications.

* Partially supported by CNR project "Metodi per Sistemi Connessi mediante Reti", by
MURST project "Theory of Concurrency, Higher Order and Types", by TMR Network
GETGRATS, and by Esprit Working Group APPLIGRAPH.



A. Restivo, S. Ronchi Della Rocca, L. Roversi (Eds.): ICTCS 2001, LNCS 2202, pp. 1–16, 2001.
© Springer-Verlag Berlin Heidelberg 2001






The Ambient calculus is one of the best studied models addressing the needs
of global computing, and it has acquired the role of touchstone for the most
recent proposals. However the interactive, abstract semantics of ambients is still
not fully explored. In fact, as is the case for most foundational calculi for global
computing, reduction semantics for ambients has been found to be simpler than
the corresponding labeled transition system (LTS) semantics. However, reduction
semantics has the main disadvantage with respect to LTS semantics that it
makes it harder to define, and reason about, abstract compositional behavior.

A LTS operational semantics for ambients has been defined by Gordon and
Cardelli in an unpublished note [1]. It requires the introduction in the calculus
of co-actions, abstractions, concretions and outcomes. To the authors' knowledge,
the bisimilarity abstract semantics based on this operational semantics
has not been compared with the reduction semantics and with the logics
developed by Cardelli, Gordon and Caires, which are equipped with specialized
modalities to deal with the spatial and the temporal dimensions of global
computing. Sewell [14] introduces a technique to develop an LTS-based semantics
from a reduction semantics; however the resulting transition semantics exploits
arbitrary contexts and, moreover, it is not inductive on process operators.

In this paper we define a LTS semantics of ambients by exploiting a general
and flexible model based on (hyper)graphs, where graph transformation
is obtained via (hyper)edge replacement and local synchronization with mobility.
While getting acquainted with the formal techniques necessary for handling
graphs (rather than trees or terms) may require some effort, the actual definition
of the Ambient calculus is quite short and intuitive. Moreover, in addition
to tree-like ambients, the calculus we define works just as well with graph-like
ambients, which are a more realistic model of internetworks.

More generally, we propose our graph-based technique as a tool for modeling
internetworking systems. In fact, edges can be used to represent components
and nodes to model the network environment of components. Some edges
sharing a node means that the corresponding components may interact by
exploiting the network communication infrastructure. Structured versions of graphs
(typed graphs, term graphs, hierarchical graphs) can precisely model complex
internetwork configurations and access policies.

Graph synchronization adds to network awareness the ability to deal with
the temporal dimension of computations. Graph synchronization is purely local
and it is obtained by combining graph rewriting with constraint solving.
The intuitive idea is that local rewritings depend on the outcome of a (possibly
global) constraint satisfaction algorithm. Mobility allows nodes to be exchanged
during synchronizations, and thus constraint solving must include unification to
allow for node binding.

One may wonder whether this approach is too abstract and general and does not
capture the intrinsic limitations of internetworking applications. We feel that, on
the one side, the generality of the approach can be tamed and adapted to the
needs of the various layers of applications, more powerful primitives being made
available to upper layers, like B2B or GSGW. On the other side, some important
network technologies actually require the solution of global constraints, like
modifying local router tables according to the routing update information sent
by the adjacent routers.

Graph rewriting based on edge replacement and synchronization was introduced
in [3,5] and related to distributed constraint satisfaction problems in [11].
The version with mobility, which employs a notation based on logical sequents
and inference rules, was introduced recently in [8] and extended in [9] to encode
the π-calculus. Abstract semantics based on bisimilarity was discussed in [10]. To
model the Ambient calculus, synchronized hyperedge replacement has been further
extended in this paper with fusions. Fusions allow coalescing, in the right member
of a production, sets of interface nodes which are distinct in the left member.
This extension is necessary for representing the effect of the open capability,
which merges the localities inside and outside the opened ambient.

In the paper we handle a limited version of ambients, without restriction 
(of ambient names) and process communication, and with guarded recursion 
rather than replication. We relate the operational semantics of ambients based 
on synchronized edge replacement to the original reduction semantics. We show 
that there is a bijective correspondence between ambient processes and certain 
graphs called ambient graphs. We also show that ambient processes and their 
corresponding graphs have corresponding reductions. Of course the graphs have 
in addition transitions with observable labels, which can be exploited in the 
abstract semantics, that however is not studied in the paper. 

2 Hypergraphs and Graph Synchronization

We first review (as presented in [9]) the notion of hypergraph and its formalization
in terms of well-formed syntactic judgements. Then we introduce the notion
of graph synchronization.

A hyperedge, or simply an edge, is an atomic item with a label (from a ranked
alphabet $LE = \{LE_n\}_{n=0,1,\dots}$) and with as many (ordered) tentacles as the rank
of its label. A set of nodes together with a set of such edges forms a hypergraph
(or simply a graph) if each edge is connected, by its tentacles, to its attachment
nodes. A graph is equipped with a set of external nodes identified by distinct
names. External nodes can be seen as the connecting points of a graph with its
environment.

Now, we present a definition of graphs as syntactic judgements, where nodes
correspond to names, external nodes to free names and edges to basic terms of
the form $L(x_1, \dots, x_n)$, where the $x_i$ are arbitrary names and $L \in LE$.

Definition 1 (Graphs as Syntactic Judgements). Let $\mathcal{N}$ be a fixed infinite
set of names and $LE$ a ranked alphabet of labels. A syntactic judgement (or
simply a judgement) is of the form $\Gamma \vdash G$ where:

1. $\Gamma \subseteq \mathcal{N}$ is a set of names (the external nodes of the graph).

2. $G$ is a term generated by the grammar

   $G ::= L(\mathbf{x}) \mid G|G \mid (\nu y)G \mid nil$

   where $\mathbf{x}$ is a vector of names, $L$ is an edge label with $rank(L) = |\mathbf{x}|$ and $y$ is a name.

Let $fn(G)$ denote the set of all free names of $G$, i.e. all names in $G$ not bound
by a $\nu$ operator. We require that $fn(G) \subseteq \Gamma$.

We use the notation $\Gamma, x$ to denote the set obtained by adding $x$ to $\Gamma$,
assuming $x \notin \Gamma$. Similarly, we will write $\Gamma_1, \Gamma_2$ to state that the resulting set of
names is the disjoint union of $\Gamma_1$ and $\Gamma_2$.

Definition 2 (Structural Congruence and Well-Formed Judgements).

— Structural congruence $\equiv$ on syntactic judgements obeys the axioms in Table 1.
— The well-formed judgements for constructing graphs over $LE$ and $\mathcal{N}$ are
those generated by applying the rules in Table 1 up to the axioms of structural
congruence.



Table 1. Well-formed judgements

Structural Axioms

(AG1) $(G_1|G_2)|G_3 \equiv G_1|(G_2|G_3)$ $\qquad$ (AG2) $G_1|G_2 \equiv G_2|G_1$
(AG3) $G|nil \equiv G$ $\qquad$ (AG4) $\nu x.\nu y.G \equiv \nu y.\nu x.G$
(AG5) $\nu x.G \equiv G$ if $x \notin fn(G)$ $\qquad$ (AG6)
(AG7) $\nu x.(G_1|G_2) \equiv (\nu x.G_1)|G_2$ if $x \notin fn(G_2)$

Syntactic Rules

(RG1) $\dfrac{}{x_1,\dots,x_n \vdash nil}$ $\qquad$ (RG2) $\dfrac{L \in LE_m \qquad y_i \in \{x_j\}}{x_1,\dots,x_n \vdash L(y_1,\dots,y_m)}$

(RG3) $\dfrac{\Gamma \vdash G_1 \qquad \Gamma \vdash G_2}{\Gamma \vdash G_1|G_2}$ $\qquad$ (RG4) $\dfrac{\Gamma, x \vdash G}{\Gamma \vdash \nu x.G}$

Axioms (AG1), (AG2) and (AG3) define the associativity, commutativity
and identity over nil for the operation |, respectively. Axioms (AG4) and (AG5)
state that the nodes of a graph can be hidden only once and in any order, and
axioms (AG6) and (AG7) define alpha conversion of a graph with respect to its
bound names and the interplay between hiding and the operator for parallel
composition, respectively.

Rule (RG1) creates a graph with no edges and $n$ nodes and rule (RG2) creates
a graph with $n$ nodes and one edge labelled by $L$ and with $m$ tentacles (note that
there can be repetitions among the nodes in $\mathbf{y}$, i.e. some tentacles can be attached
to the same node). Rule (RG3) allows putting together (using |) two graphs that
share the same set of external nodes. Finally, rule (RG4) allows hiding a node
from the environment.

If necessary, thanks to axiom (AG4), we will write $\nu X$, with $X = \bigcup_i \{x_i\}$,
to abbreviate $\nu x_1.\nu x_2.\dots\nu x_n$. Note that using the axioms, for any judgement
we can always obtain an equivalent normal form $\Gamma \vdash \nu X.G$, with $G$ a subterm
containing only compositions of edges. It is clear from the above definitions that $\Gamma$
and $X$ can be made disjoint sets of nodes using the axioms and that $nodes(G) \subseteq (\Gamma \cup X)$.

The correspondence theorem expressing that well-formed syntactic judgements
up to structural axioms are isomorphic to graphs up to isomorphism has
been proved in [9].

We now introduce the notion of synchronized edge replacement. Synchronized
edge replacement is obtained using graph rewriting combined with constraint
solving. More specifically, we use context-free productions enriched with actions
that are used to coordinate the simultaneous application of various productions.

The following definitions introduce synchronized edge replacement systems
where actions can declare and refer to names as nodes and where names are
bound via unification.

A context-free edge replacement production rewrites a single edge into an
arbitrary graph. A production $p = (L \to R)$ can be applied to a graph $G$
yielding $H$ if there is an occurrence of an edge labeled by $L$ in $G$. Graph $H$ is
obtained from $G$ by removing the previously matched edge and by embedding
a fresh copy of $R$ in $G$, coalescing its external nodes with the corresponding
attachment nodes of the replaced edge. This notion of edge replacement yields
the basic steps in the derivation process of an edge replacement grammar.

To model synchronized rewriting, it is necessary to add some labels to the
nodes in productions. Assuming a ranked alphabet $Act$ of actions, we
associate actions to some of the attachment nodes of the left member of
the production. In this way, each rewrite of an edge must synchronize actions
with (a number of) its adjacent edges, and then all the participants will have
to move as well (how many depends on the synchronization policy). It is clear
that coordinated rewriting will allow the propagation of synchronization all over
the graph where productions are applied. Determining which productions can
be synchronized at any given stage corresponds to solving a distributed constraint
satisfaction problem [11].

A synchronized edge replacement grammar, or simply a grammar, consists of 
an initial graph and a set of productions. A derivation is obtained by starting 
with the initial graph and by executing a sequence of transitions, each obtained 
by synchronizing possibly several productions. 

Now, to add mobility to our model of computation we let a production
declare on each of its connecting nodes new names for the nodes it creates,
and share these names and/or other existing names with the rest of the graph
using the synchronization process. This is done in a production by adding to the
action on a node a tuple of names that one wants to communicate. Therefore, the
synchronization of a rewriting rule has to match not only actions, but also has to
unify the tuples of names. After the productions are applied, the declared names
that were unified are used to obtain the final graph by merging the corresponding
nodes.

The expressive power of our model depends on the meaning of the names
unified in the synchronization process. If these names correspond only to nodes
newly generated in the productions, the expressive power is analogous to the
π-I-calculus, where only extruded names can be transmitted. Instead, if also
"old" nodes can be communicated, but not unified, we are analogous to the
π-calculus. If all types of nodes can be unified, the corresponding process algebra
is the fusion calculus [15]. However we emphasize that in our model it is
possible (and easy) to define multiple synchronizations, while the existing calculi
are usually limited to binary synchronizations.

In this paper we handle for the first time the general case (with Milner
synchronization style). The π-I-like case was defined in [8,10] while the intermediate
case was presented in [9], which in fact includes the encoding of
the π-calculus.

Below we define the transitions of a grammar as certain logical sequents. We 
exploit the previously introduced representation of graphs as syntactic judge- 
ments. Notice that no distinction is made between nodes and names. 

Definition 3 (Transitions (with fusion)). A transition has the form

$\Gamma \vdash G_1 \xrightarrow{\Lambda,\,\pi} \phi \vdash G_2$

where:

1. $\Lambda : \Gamma \rightharpoonup (Act \times \mathcal{N}^*)$

2. $\pi : \Gamma \to \Gamma$ and $x \in \pi^{-1}(x)$

3. $n(\Lambda) = \{z \mid \exists x.\ \Lambda(x) = (a, \mathbf{y}),\ z \in Set(\mathbf{y})\}$

4. $\Delta = n(\Lambda) - \Gamma$

5. $\phi = \pi(\Gamma) \cup \Delta$

A transition says that $G_1$ is rewritten into $G_2$ satisfying a set of requirements
$\Lambda$ and a fusion substitution $\pi$. The free nodes of graph $G_2$ must include the
free nodes of $G_1$ (after applying $\pi$) and those new nodes ($\Delta$) that are used in
synchronization. Note that $\phi$ is determined by the $\Gamma$ and $\Lambda$ of the same transition.

The set of requirements $\Lambda \subseteq \Gamma \times Act \times \mathcal{N}^*$ is defined as a partial function in
its first argument, i.e. if $(x, a, \mathbf{y}) \in \Lambda$ we write $\Lambda(x) = (a, \mathbf{y})$ with $rank(a) = |\mathbf{y}|$.
With $\Lambda(x)\uparrow$ we mean that the function is not defined for $x$, i.e. that there is
no requirement in $\Lambda$ with $x$ as first argument. Function $Set(\mathbf{y})$ returns the set of
names in vector $\mathbf{y}$. The definition of $\Lambda$ as a function means that all edges in $G_1$
attached to node $x$ that are participating in a synchronization must satisfy the
conditions of the corresponding synchronization algebra. The function is partial
since not all nodes need to be loci of synchronization.

Fusion substitution $\pi$ determines a partition of $\Gamma$ where all nodes in an
equivalence class are mapped to a representative element of the class. We use
$x \mapsto y$ to denote the substitution mapping node $x$ to $y$.

Definition 4 (Productions). A synchronized production, or simply a production,
is a special transition of the form

$x_1, \dots, x_n \vdash L(x_1, \dots, x_n) \xrightarrow{\Lambda,\,\pi} \phi \vdash G$

The context-free character of productions is here made clear by the fact
that the graph to be rewritten consists of a single edge with distinct nodes.
Productions combine the roles of prefix, sum and recursion in process calculi.
Renaming can be applied to productions in several ways: i) the free names
$x_1, \dots, x_n$ can be changed throughout the sequent; ii) the names declared in
$\Delta = n(\Lambda) - \Gamma$ can be $\alpha$-converted; and iii) the representative names chosen by $\pi$ can
be consistently changed. Also identity productions of the form

$x_1, \dots, x_n \vdash L(x_1, \dots, x_n) \xrightarrow{\emptyset,\,id} x_1, \dots, x_n \vdash L(x_1, \dots, x_n)$

are always considered available.

Definition 5 (Grammars). Let $\mathcal{N}$ be a fixed infinite set of names, $LE$ a
ranked alphabet of labels and $Act$ a ranked set of actions. A grammar consists of
an initial graph $\Gamma_0 \vdash G_0$ and a set $\mathcal{P}$ of productions on $LE$ and $Act$.

A derivation is a finite or infinite sequence of the form
$\Gamma \vdash G \xrightarrow{\Lambda_1,\,\pi_1} \Gamma_1 \vdash G_1 \xrightarrow{\Lambda_2,\,\pi_2} \dots \xrightarrow{\Lambda_n,\,\pi_n} \Gamma_n \vdash G_n \dots$,
where $\Gamma \vdash G \xrightarrow{\Lambda_1,\,\pi_1} \Gamma_1 \vdash G_1$ and $\Gamma_{i-1} \vdash G_{i-1} \xrightarrow{\Lambda_i,\,\pi_i} \Gamma_i \vdash G_i$,
$i = 2, \dots, n$, are transitions in the set $T(\mathcal{P})$ of transitions generated by $\mathcal{P}$.
Transitions $T(\mathcal{P})$ are generated by $\mathcal{P}$ applying the inference rules defined below.



Definition 6 (Inference rules). Let $(\Gamma \vdash G_0, \mathcal{P})$ be a grammar. The set $T(\mathcal{P})$
of transitions is obtained from the productions $\mathcal{P}$ using the inference rules in
Table 2, where the side conditions of the rules are:

$\psi_1 \stackrel{def}{=}$
  $\Delta \cap \sigma(\Gamma) = \emptyset$ and $\forall x \in \Delta.\ \sigma(x) = x$
  $\sigma(x) = \sigma(y) \wedge \Lambda(x)\downarrow \wedge \Lambda(y)\downarrow \wedge x \neq y \Rightarrow$
    $(\forall z \notin \{x, y\}.\ \sigma(z) = \sigma(x) \Rightarrow \Lambda(z)\uparrow)$
    $\wedge\ \Lambda(x) = (a, \mathbf{v}) \wedge \Lambda(y) = (\bar{a}, \mathbf{w}) \wedge a \neq \tau$
  $\rho = mgu(\{\sigma(\mathbf{v}) = \sigma(\mathbf{w}) \mid \sigma(x) = \sigma(y) \wedge \Lambda(x) = (a, \mathbf{v}) \wedge \Lambda(y) = (\bar{a}, \mathbf{w})\}$
    $\cup\ \{\sigma(x) = \sigma(y) \mid \pi(x) = \pi(y)\})$
  $\Lambda'(z) = (\tau, ())$, if $\sigma(x) = \sigma(y) = z \wedge x \neq y \wedge \Lambda(x)\downarrow \wedge \Lambda(y)\downarrow$
  $\Lambda'(z) = \rho(\sigma(\Lambda))(z)$, otherwise
  $\pi'(x) = \rho(\sigma(\pi(x)))$
  $U = \rho(\sigma(\phi)) - \phi'$

$\psi_2 \stackrel{def}{=}$
  $(\pi(x) = \pi(y) \wedge x \neq y) \Rightarrow \pi(x) \neq x$
  $\Lambda(x)\uparrow$ or $\Lambda(x) = (\tau, ())$
  $\Lambda' = \Lambda - (x, \tau, ())$

Table 2. Inference rules for graph synchronization

(par) $\dfrac{\Gamma \vdash G_1 \xrightarrow{\Lambda,\,\pi} \phi \vdash G_2 \qquad \Gamma' \vdash G_1' \xrightarrow{\Lambda',\,\pi'} \phi' \vdash G_2'}{\Gamma, \Gamma' \vdash G_1|G_1' \xrightarrow{\Lambda \cup \Lambda',\,\pi \cup \pi'} \phi, \phi' \vdash G_2|G_2'}$ where $\Gamma \cap \Gamma' = \emptyset$

(merge) $\dfrac{\Gamma \vdash G_1 \xrightarrow{\Lambda,\,\pi} \phi \vdash G_2}{\sigma\Gamma \vdash \sigma G_1 \xrightarrow{\Lambda',\,\pi'} \phi' \vdash \nu U.\rho(\sigma(G_2))}$ where $\psi_1$ holds

(res) $\dfrac{\Gamma, x \vdash G_1 \xrightarrow{\Lambda,\,\pi} \phi \vdash G_2}{\Gamma \vdash \nu x.G_1 \xrightarrow{\Lambda',\,\pi} \phi' \vdash \nu Z.G_2}$ where $\psi_2$ holds

Rule (par) simply combines two disjoint judgements.

Rule (merge) is the rule for synchronization. The rule states that in a transition
it is possible to merge two nodes $x$ and $y$ that offer complementary non-silent
actions (conditions on $a$). Here $\rho$ is the most general unifier that fuses the
corresponding names of the actions and propagates the previous fusions (determined
by $\pi$). The label $\Lambda'$ takes into account all possible synchronizations and
leaves unchanged the actions offered on the other nodes, up to the necessary
fusions ($\rho$ and $\sigma$). The new fusion substitution $\pi'$ acts on $\sigma(\Gamma)$ by applying to
it the mgu $\rho$. Finally, the names in $\phi$ after the fusion which are not present in
$\phi' = \pi'(\Gamma) \cup (n(\Lambda') - \sigma(\Gamma))$ are restricted; this corresponds to the close rule of
the π-calculus.

Rule (res) deals with node restriction. According to the first condition, the
restricted node must not be the representative element of its equivalence class
induced by $\pi$ when this class contains nodes different from $x$. Furthermore, only
nodes where either no action or only synchronization actions take place can be
restricted. If these conditions hold, $\Lambda'$ is obtained by hiding the (possible) silent
action on $x$ and restricting all the nodes that are not in $\phi'$. Notice that $\phi'$ is
defined as usual as $\phi' = \pi(\Gamma) \cup \Delta$, with $\Delta = n(\Lambda') - \Gamma$.

3 Ambient Calculus 

In this section we apply our graph synchronization framework to the Ambient 
calculus [2] that is considered one of the most suitable calculi for representing 
wide area network computations. First we give syntax and semantics of the 
Ambient calculus and then its representation in terms of graphs is specified. 

3.1 The Calculus 

The syntax and the reduction semantics of the Ambient calculus [2] are given below.
The calculus relies on the notion of ambient, which can be thought of as a bounded
environment where processes interact. An ambient has a name, a collection of
local agents and a collection of subambients. Ambients can be moved as a whole
under the control of agents which are confined to ambients. Processes use
capabilities for controlling interaction. We do not consider synchronization and
restriction, and replication is replaced by (guarded) recursion.

Definition 7 (Syntax). Let $N$ be an infinite set of names ranged over by
$a, b, c, \dots, n, m, p, r, \dots$; let $X, Y, Z, \dots$ be process variables.

$M ::= in\ n \mid out\ n \mid open\ n$

$P, Q ::= 0 \mid n[P] \mid M.P \mid P|Q \mid rec\ X.P \mid X$



We assume that $X$ is guarded by $M$ in $rec\ X.P$.

We denote with Proc the set of the Ambient calculus processes. 

Capabilities $M$ are the usual Ambient calculus capabilities: $in\ n$ allows an ambient
to be driven inside an ambient named $n$; dually, $out\ n$ allows it to exit an ambient $n$;
$open\ n$ dissolves an ambient $n$.

A process is the void process $0$, a process $n[P]$ obtained by wrapping $P$ in an
ambient $n$, a sequential process $M.P$, the parallel composition of two processes
$P|Q$, the recursive process $rec\ X.P$ or a process variable $X$.

Definition 8 (Structural equivalence). The semantics of the Ambient calculus
relies on the structural equivalence defined by the following rules:

1. The parallel operator $\_|\_$ is associative, commutative and $0$ is its identity;

2. $\dfrac{P \equiv Q}{M.P \equiv M.Q}$ $\qquad$ $\dfrac{P \equiv Q}{n[P] \equiv n[Q]}$

3. $rec\ X.P \equiv rec\ Y.P\{Y/X\}$, if $Y \notin fv(P)$;

4. $rec\ X.P \equiv P\{rec\ X.P/X\}$.

The usual algebraic properties of the parallel composition and the $0$ process are
assumed (rule 1); rule 2 guarantees that structural equivalence is preserved by
capabilities and ambient processes; the process variable $X$ is bound in $rec\ X.P$
and may be renamed (rule 3); finally, rule 4 is the analogue of the usual structural
rule for replication (namely, $!P \equiv P \mid !P$).

Definition 9 (Reduction Semantics). The reduction relation $\to \subseteq Proc \times Proc$
is the relation inductively generated by the axioms and rules in Table 3 and
closed under the structural equivalence given in Definition 8.

Table 3. Ambient calculus reduction relation

$m[n[out\ m.P \mid Q] \mid R] \to n[P \mid Q] \mid m[R]$
$n[in\ m.P \mid Q] \mid m[R] \to m[n[P \mid Q] \mid R]$
$open\ n.P \mid n[Q] \to P \mid Q$

$\dfrac{P \to Q}{P \mid R \to Q \mid R}$ $\qquad$ $\dfrac{P \to Q}{n[P] \to n[Q]}$

The first two axioms in Table 3 state that an ambient $n$ can be driven by
a sequential process inside it to exit the wrapping ambient ($out\ m.P$) or to
enter a parallel ambient $m$ ($in\ m.P$). The third axiom concerns the $open\ n$
capability: an ambient may be dissolved by an external process. Note that all
the capabilities are "asynchronous", in the sense that the only condition under
which they can be fired is the presence of a particular ambient.
3.2 Graph Representation of Ambient Calculus

We now show how it is possible to translate the Ambient calculus into our graph
synchronization framework while maintaining the semantics of processes.

Definition 10 (Translation).

$[\![0]\!]_x = x \vdash nil$

$[\![n[P]]\!]_x = x \vdash \nu y.(G \mid n(y, x))$, if $y \neq x \wedge [\![P]\!]_y = y \vdash G$

$[\![M.P]\!]_x = x \vdash L_{M.P}(x)$

$[\![P_1 \mid P_2]\!]_x = x \vdash G_1 \mid G_2$, if $[\![P_i]\!]_x = x \vdash G_i$, where $i = 1, 2$

$[\![rec\ X.P]\!]_x = [\![P\{rec\ X.P/X\}]\!]_x$

Definition 10 introduces the mapping function $[\![P]\!]_x$ that returns a graph whose
only free node $x$ corresponds to the root of the ambient process $P$.

In the above translation, sequential processes $M.P$ are directly represented
by edges labelled by $M.P$. While this introduces an infinite number of labels, it
is easy to see that only a finite number of them (and of the corresponding activity
rules defined below) is needed to derive all computations of any particular
ambient.

The graph associated to the $0$ process is an isolated node. The graph of
$n[P]$ with free node $x$ is obtained by constructing the graph of $P$ on node $y$,
attaching it to the graph $n(y, x)$ and restricting $y$; note that the ambient name $n$
is interpreted as an edge from $y$ to $x$ labelled $n$. Ambient names in $N$ and sequential
processes are the only edge labels.

The parallel composition $P_1 \mid P_2$ is obtained by making the graphs of $P_1$
and $P_2$ share their root node $x$; finally, recursive processes are unfolded first.¹
The given translation is injective but not surjective. However, the graphs
$[\![P]\!]_x$ in the image of the translation function can be characterized as follows.

Definition 11 (Ambient graphs). An ambient graph is a graph labeled on
$LE = \{L_{M.P} \mid M.P \in Proc \text{ is sequential}\} \cup N$ which

1. is acyclic;

2. every node has at most one outgoing edge labelled in $N$;

3. there is one root node with no outgoing edges.

Theorem 1. $[\![\cdot]\!]_x$ is a bijection on ambient graphs.
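To make Table 3 and the translation of Definition 10 executable, here is an added Python model that is not part of the paper; it assumes canonical process terms built with par(), fresh graph nodes named y1, y2, ..., and leaves out restriction, communication and recursion.

```python
# Added example, not the paper's own code: an executable model of the Ambient
# calculus fragment of Section 3 without restriction, communication or
# recursion.  It implements the reductions of Table 3 modulo Definition 8, the
# translation [[P]]_x of Definition 10 and the ambient-graph test of Definition 11.
from __future__ import annotations
from dataclasses import dataclass
from itertools import count
from typing import Union

@dataclass(frozen=True)
class Zero: pass                 # the void process 0

@dataclass(frozen=True)
class Amb:                       # n[P]
    name: str
    body: Proc

@dataclass(frozen=True)
class Cap:                       # M.P with M = in n | out n | open n
    kind: str
    name: str
    cont: Proc

@dataclass(frozen=True)
class Par:                       # P | Q, kept as a flat sorted tuple
    parts: tuple

Proc = Union[Zero, Amb, Cap, Par]

def components(p: Proc) -> tuple:
    """Top-level parallel components of P (| associative, 0 its unit)."""
    if isinstance(p, Par):
        return tuple(c for q in p.parts for c in components(q))
    return () if isinstance(p, Zero) else (p,)

def par(*ps: Proc) -> Proc:
    """Canonical parallel composition: processes equal by rule 1 of
    Definition 8 (assoc., comm., unit 0) get the same representation."""
    cs = tuple(sorted((c for p in ps for c in components(p)), key=repr))
    return Zero() if not cs else cs[0] if len(cs) == 1 else Par(cs)

def without(seq: tuple, k: int) -> tuple:
    return seq[:k] + seq[k + 1:]

def reducts(p: Proc) -> list:
    """Every Q with P -> Q by Table 3: the in/out/open axioms, closed under
    parallel context and under n[_].  Build inputs with par() first."""
    cs, out = components(p), []
    for i, c in enumerate(cs):
        rest = without(cs, i)
        if isinstance(c, Cap) and c.kind == "open":  # open n.P | n[Q] -> P | Q
            out += [par(c.cont, m.body, *without(rest, k)) for k, m in enumerate(rest)
                    if isinstance(m, Amb) and m.name == c.name]
        if not isinstance(c, Amb):
            continue
        out += [par(Amb(c.name, q), *rest) for q in reducts(c.body)]  # n[P] -> n[Q]
        inner = components(c.body)
        for j, d in enumerate(inner):
            others = without(inner, j)
            if isinstance(d, Cap) and d.kind == "in":  # n[in m.P | Q] | m[R] -> m[n[P | Q] | R]
                for k, m in enumerate(rest):
                    if isinstance(m, Amb) and m.name == d.name:
                        moved = Amb(c.name, par(d.cont, *others))
                        out.append(par(Amb(m.name, par(moved, m.body)), *without(rest, k)))
            if isinstance(d, Amb):  # m[n[out m.P | Q] | R] -> n[P | Q] | m[R]
                for l, e in enumerate(components(d.body)):
                    if isinstance(e, Cap) and e.kind == "out" and e.name == c.name:
                        exited = Amb(d.name, par(e.cont, *without(components(d.body), l)))
                        out.append(par(exited, Amb(c.name, par(*others)), *rest))
    return out

def translate(p: Proc, x: str, fresh=None) -> tuple:
    """[[P]]_x of Definition 10 as (nodes, edges): n[P] at x gives an ambient
    edge (n, y, x) from a fresh node y (named y1, y2, ...) to x, and a
    sequential process M.P at x gives the unary edge (M.P, x)."""
    fresh = count(1) if fresh is None else fresh
    nodes, edges = {x}, []
    for c in components(p):
        if isinstance(c, Amb):
            y = f"y{next(fresh)}"
            sub_nodes, sub_edges = translate(c.body, y, fresh)
            nodes |= sub_nodes
            edges += sub_edges + [(c.name, y, x)]
        else:
            edges.append((c, x))
    return nodes, edges           # every node except the root x is restricted

def is_ambient_graph(nodes: set, edges: list) -> bool:
    """Definition 11: acyclic, at most one outgoing ambient edge per node, and
    exactly one root node without outgoing ambient edges."""
    succ = {}
    for e in edges:
        if len(e) == 3:              # ambient edge n(y, x), directed y -> x
            if e[1] in succ:
                return False         # a second ambient edge leaves e[1]
            succ[e[1]] = e[2]
    # with out-degree <= 1, acyclicity means every chain ends at a root
    def reaches_root(v, seen=frozenset()):
        return v not in seen and (v not in succ or reaches_root(succ[v], seen | {v}))
    return sum(v not in succ for v in nodes) == 1 and all(reaches_root(v) for v in nodes)
```

For the Section 3.3 instance b[in a.P | Q] | a[0], reducts() returns exactly a[b[P | Q]] and both sides translate to graphs that pass is_ambient_graph().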

We now define the productions of our version of the Ambient calculus. There
are two kinds of productions: activity productions, relative to sequential
processes, and coordination productions, which correspond to ambients.

Definition 12 (Activity productions). The activity productions have the following
form:

$x \vdash L_{M.P}(x) \xrightarrow{\{(x, M, ())\},\,id} [\![P]\!]_x$

¹ Note that $[\![\cdot]\!]_x$ is well defined because recursion variables are guarded by
capabilities.
Activity productions determine the actions that sequential processes are able
to perform. In our approach, sequential processes become edge labels: when an
action is performed, an edge labelled by $M.P$ is rewritten as the graph
corresponding to $P$.

The complementary actions to synchronize the activity productions must be
offered by ambients; more precisely, ambients must signal their existence by
emitting the complementary actions on their attaching nodes and, in this manner,
performing the correct synchronized steps.



Definition 13 (Coordination productions). Coordination productions are
as follows.

[graphical representations of the five productions not reproduced; only the sequents follow]

(open) $x, y \vdash a(x, y) \xrightarrow{\{(y,\ open\ a,\ ())\},\,[x \mapsto y]} y \vdash nil$

(input1) $x, y \vdash b(x, y) \xrightarrow{\{(x,\ in\ a,\ ()),\ (y,\ input\ a,\ (z))\}} x, y, z \vdash b(x, z)$

(input2) $x, y \vdash a(x, y) \xrightarrow{\{(y,\ input\ a,\ (x))\}} x, y \vdash a(x, y)$

(output1) $x, y \vdash b(x, y) \xrightarrow{\{(x,\ out\ a,\ ()),\ (y,\ output\ a,\ (z))\}} x, y, z \vdash b(x, z)$

(output2) $x, y \vdash a(x, y) \xrightarrow{\{(x,\ output\ a,\ (y))\}} x, y \vdash a(x, y)$
For every production, we give both the sequent and its graphical representation.
In the latter, the left and right members of a production are drawn in the style
of Definition 10, but without restricted nodes. When $(x, a, (\mathbf{y})) \in \Lambda$, node $x$ in
the right member is labeled by $a, \mathbf{y}$. Coordination productions define the
complementary actions that ambients must perform in order to synchronize themselves
with sequential processes.

The (open) production states that if the ambient $a$ has a parallel process that
wants to open it, then the edge corresponding to $a$ disappears and $x$ is fused
with $y$.

Production (input1) asserts that if a process inside $b$ wants to drive $b$ into an
ambient $a$, then the destination of $b$ will become the new node $z$. On the other
hand, production (input2) controls the entrance of an external process into $a$: this
production simply passes the source $x$ of $a$ to the entering process.

Analogously to the input productions, (output1) and (output2) take care of
the output action. We remark that (output1) acts quite similarly to (input1).

Definition 14 (Basic transition). A transition F \- G ^ i() h G' is basic if: 

— TT is the identity function on F; 

— its proofs uses exactly one instance of either (open) or (input!) or (output!); 

— A is either a singleton {(a;,T())} or it is empty. 

Theorem 2. For all ambient processes P, Q ∈ Proc:

– if P → Q then ⟦P⟧_x --Λ--> ⟦Q⟧_x and either Λ = {} or Λ = {(x, τ, ())};

– if ⟦P⟧_x --Λ--> Φ ⊢ G is a basic transition, then Φ ⊢ G = ⟦Q⟧_x and P → Q.

Proof (sketch): The proof of the theorem is based on the fact that if a basic derivation from ⟦P⟧_x exists, then it is possible to derive the same transition by

1. applying instances of the (par) rule to a suitable set of productions;

2. applying the (merge) rule in such a way that the graph relative to P without restrictions is obtained;

3. restricting by means of rule (res) all the nodes that are not the root node of P.

It is easy to note that all the reductions that do not take place at the top level of P correspond to basic transitions of the graph whose Λ is empty, while the transitions that involve subprocesses of P at the top level have Λ = {(x, τ, ())}.

3.3 Example 

As an example we show the correspondence between an Ambient calculus reduction and the corresponding graph transition. Let us consider the ambient reduction

b[in a.P | Q] | a[0] → a[b[P | Q]]

where P and Q are sequential processes.
Following Definition 10 and Theorem 2, we should obtain

[Figure (1): ⟦b[in a.P | Q] | a[0]⟧_{x1} --{(x1, τ, ())}--> ⟦a[b[P | Q]]⟧_{x1}]

The picture on the left is the graphical representation of ⟦b[in a.P | Q] | a[0]⟧_{x1}, while the rightmost picture is ⟦a[b[P | Q]]⟧_{x1} (we represent the restricted nodes with • and the free nodes with ○).
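The reduction discussed in this example, carried out by a small interpreter for the three ambient capabilities (in, out, open) whose coordination productions the paper models. This is an added example, not code from the paper; the representation of processes (tuples for parallel composition, the classes Amb, Cap and Atom, and P and Q as uninterpreted atoms) is our own assumption.

```python
"""Toy Ambient calculus reducer: an added example, not code from the paper.

Representation (our own choice): a parallel composition is a tuple of
components, the inactive process 0 is the empty tuple (), an ambient n[P] is
Amb(n, P) and a prefix in n.P / out n.P / open n.P is Cap(kind, n, P).
The sequential processes P, Q of the paper's example stay uninterpreted.
"""
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Amb:
    """An ambient name[body]; body is a tuple of parallel components."""
    name: str
    body: tuple

@dataclass(frozen=True)
class Cap:
    """A capability prefix; kind is "in", "out" or "open"; cont is the continuation."""
    kind: str
    name: str
    cont: tuple

@dataclass(frozen=True)
class Atom:
    """A sequential process we never look inside (the paper's P and Q)."""
    name: str

def show(proc) -> str:
    """Render in Cardelli-Gordon syntax, e.g. b[in a.P | Q] | a[0]."""
    if isinstance(proc, tuple):
        return " | ".join(show(p) for p in proc) if proc else "0"
    if isinstance(proc, Amb):
        return f"{proc.name}[{show(proc.body)}]"
    if isinstance(proc, Cap):
        cont = show(proc.cont)
        if len(proc.cont) > 1:
            cont = f"({cont})"
        return f"{proc.kind} {proc.name}.{cont}"
    return proc.name

def _replace(par: tuple, i: int, new: tuple) -> tuple:
    """Replace component i of the parallel composition par by the components new."""
    return par[:i] + new + par[i + 1:]

def _without(par: tuple, *idx: int) -> tuple:
    return tuple(p for j, p in enumerate(par) if j not in idx)

def successors(par: tuple) -> list:
    """Every process reachable from par by one reduction step.

    The three Cardelli-Gordon axioms (Red In), (Red Out), (Red Open) are tried
    at the top level; the congruence rule allows a step inside any ambient.
    """
    out = []
    for i, comp in enumerate(par):
        if isinstance(comp, Cap) and comp.kind == "open":
            # (Red Open): open n.R | n[S]  ->  R | S
            for k, tgt in enumerate(par):
                if k != i and isinstance(tgt, Amb) and tgt.name == comp.name:
                    out.append(_without(par, i, k) + comp.cont + tgt.body)
        if not isinstance(comp, Amb):
            continue
        for j, inner in enumerate(comp.body):
            if isinstance(inner, Cap) and inner.kind == "in":
                # (Red In): n[in m.R | Q] | m[S]  ->  m[n[R | Q] | S]
                moved = Amb(comp.name, _replace(comp.body, j, inner.cont))
                for k, tgt in enumerate(par):
                    if k != i and isinstance(tgt, Amb) and tgt.name == inner.name:
                        entered = Amb(tgt.name, (moved,) + tgt.body)
                        out.append(_without(par, i, k) + (entered,))
            if isinstance(inner, Amb):
                # (Red Out): m[n[out m.R | Q] | S]  ->  n[R | Q] | m[S]
                for l, cap in enumerate(inner.body):
                    if isinstance(cap, Cap) and cap.kind == "out" and cap.name == comp.name:
                        leaving = Amb(inner.name, _replace(inner.body, l, cap.cont))
                        stayed = Amb(comp.name, _without(comp.body, j))
                        out.append(_replace(par, i, (leaving, stayed)))
        # congruence: a reduction inside comp's body is a reduction of par
        for body in successors(comp.body):
            out.append(_replace(par, i, (Amb(comp.name, body),)))
    return out

def reduce_once(par: tuple) -> str:
    """Rendered form of the unique successor (the three examples below are deterministic)."""
    succ = successors(par)
    if len(succ) != 1:
        raise ValueError(f"{show(par)} has {len(succ)} successors")
    return show(succ[0])

# Constructed inputs: the paper's reduction (1) plus one out step and one open step.
P, Q = Atom("P"), Atom("Q")
EXAMPLE_IN = (Amb("b", (Cap("in", "a", (P,)), Q)), Amb("a", ()))
EXAMPLE_OUT = (Amb("a", (Amb("b", (Cap("out", "a", (P,)), Q)),)),)
EXAMPLE_OPEN = (Cap("open", "a", (P,)), Amb("a", (Q,)))

if __name__ == "__main__":
    for ex in (EXAMPLE_IN, EXAMPLE_OUT, EXAMPLE_OPEN):
        print(f"{show(ex)}  ->  {reduce_once(ex)}")
```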

The steps described in the proof sketch of Theorem 2 guide us in applying 
the productions (activity and coordination) and the inference rules of Table 2 in 
order to construct a proof for transition (1). 

First (step 1) we decompose the graph in its elementary edges and determine the productions that correspond to the elementary components of the transition.

x1, y1 ⊢ b(y1, x1)  --{(x1, input a, (z1)), (y1, in a, ())}, id-->  x1, y1, z1 ⊢ b(y1, z1)   (2)

y2 ⊢ L_{in a.P}(y2)  --{(y2, in a, ())}, id-->  y2 ⊢ L_P(y2)   (3)

x2, z ⊢ a(z, x2)  --{(x2, input a, (z))}, id-->  x2, z ⊢ a(z, x2)   (4)

y3 ⊢ L_Q(y3)  --∅, id-->  y3 ⊢ L_Q(y3)   (5)

Transitions (2) and (4) are instances of the coordination productions (input1) and (input2), respectively; transition (3) is the activity production relative to in a.P and transition (5) is the identity transition that leaves L_Q idle.

The graphical representation is:

[Figure: graphical representation of transitions (2) to (5), with nodes y1, y2, y3, z and the in a labels]
The previous graph represents the transition obtained by applying the (par) rule to the productions (2), (3), (4) and (5). Let

G1 = b(y1, x1) | a(z, x2) | L_{in a.P}(y2) | L_Q(y3)

G2 = b(y1, z1) | a(z, x2) | L_P(y2) | L_Q(y3)

Γ = {x1, x2, y1, y2, y3, z}

then, in terms of sequents we have:



ThGi 



(xi, input a, (21)), 
{x2 , input a, {z ) ) 
(j/i, 'i-n Q , 0) 

(^2, m a, 0 ) 



,id 



zi \~ G2 



( 6 ) 



The application of the merge rule (step 2) provides the fusion of the nodes in order to obtain a graph of the same shape as the ambient process but without restricted nodes. Referring to the rule (merge), let σ be the function that behaves as the identity on all nodes different from x2, y2 and y3 and

σ: x2 ↦ x1, y2 ↦ y1, y3 ↦ y1,

which determines Λ' = {(x1, τ, ()), (y1, τ, ())} and π: z1 ↦ z. The rule (merge) may be applied to transition (6) obtaining the transition



Xi,yi,z h cr(Gi) 



{ 



{)), 
{yi,T, (>) 













^ p{^{G2)) 



that is graphically represented as 




We remark that the above transition requires a synchronization involving three edges and two nodes: the edges relative to in a.P and b that synchronize on node y1, and the edges relative to ambients b and a that synchronize on node x1. This makes clear that the in capability of ambients requires the synchronization of three components (the out capability is analogous).

Finally, two applications of the (res) rule (step 3) are needed in order to restrict nodes z and y1. This concludes the proof of the transition.
4 Conclusion

In the paper we presented a simple LTS semantics of Cardelli and Gordon’s 
Ambient calculus exploiting a graphical model based on edge replacement and 
local synchronization with mobility. While the correspondence with the original 
operational semantics of ambients is shown for a restricted class of graphs (the 
ambient graphs), it is also conceivable to lift this limitation and to allow all 
graphs on the same edge labels. Coordination productions should be exactly the 
same, while activity productions should be allowed to rewrite an edge into any 
such graph. The resulting calculus should allow programmable ambient mobility 
on any graphical model of internetworks, providing a more realistic description 
of real systems. 

The work presented here is still at an initial stage. The labeled transition system defined by the logical sequents in the paper automatically provides an abstract semantics of ambients under the usual definition of bisimilarity. Since all nodes in ambient graphs are restricted except for the root, interactions can only be observed there. This should respect the intuition of abstract semantics of ordinary ambients, where barb observation and ambient composition are via the root. However, we have not yet studied the relation of our abstract semantics with Cardelli and Gordon's, and we do not know whether it is a congruence, i.e. whether it is respected by our operations of composition and restriction of graphs. Finally, we would like to experiment with network reconfiguration techniques more general than ambients, but still realistic for actual internetworks, taking advantage of our general approach.
Abstract. We illustrate the use of intersection types as a tool for synthesizing λ-models which exhibit special purpose features. We focus on semantical proofs of easiness. This allows us to prove that the class of λ-theories induced by graph models is strictly included in the class of λ-theories induced by non-extensional filter models.



Introduction 

Intersection types were introduced in the late 70's by Dezani and Coppo [10,12,6], to overcome the limitations of Curry's type discipline. They are a very expressive type language which allows one to describe and capture various properties of λ-terms. For instance, they have been used in [29] to give the first type theoretic characterization of strongly normalizable terms and in [13] to capture persistently normalizing terms and normalizing terms. See [15] for a more complete account of this line of research.

Intersection types have a very significant realizability semantics with respect to applicative structures. This is a generalization of Scott's natural semantics [31] of simple types. According to this interpretation types denote subsets of the applicative structure, an arrow type A → B denotes the set of points which map all points belonging to the interpretation of A to points belonging to the interpretation of B, and an intersection type A ∩ B denotes the intersection of the interpretation of A and the interpretation of B. Building on this, intersection types have been used in [6] to give a proof of the completeness of the natural semantics of Curry's simple type assignment system in applicative structures, introduced in [31]. See [14] for a more complete treatment of completeness of intersection type assignment systems.

But intersection types have also an alternative semantics based on duality which is related to Abramsky's Domain Theory in Logical Form [1]. Actually it amounts to the application of that paradigm to the special case of ω-algebraic complete lattice models of pure lambda calculus, [11]. Namely, types correspond

* Partially supported by MURST Cofin '99 TOSCA Project, CNR-GNSAGA and FGV '99.
to compact elements: the type Ω denoting the least element, intersections denoting joins of compact elements, and arrow types denoting step functions of compact elements. A typing judgment then can be interpreted as saying that a given term belongs to a pointed compact open set in an ω-algebraic complete lattice model of λ-calculus. By duality, type theories give rise to filter λ-models. Intersection type assignment systems can then be viewed as finitary logical definitions of the interpretation of λ-terms in such models, where the meaning of a λ-term is the set of types which are deducible for it.

This duality lies at the heart of the success of intersection types as a powerful tool for the analysis of λ-models, see e.g. [2,6,11,13,3,17,21,16,28,19,30].

In this paper we illustrate the use of intersection types as a tool for synthesizing λ-models which exhibit special purpose features. For building our models we will introduce a strengthened version of intersection type theories, namely the easy ones. We focus on semantical proofs of easiness [23], [5] (Definition 15.3.8) (we recall that a closed term P is easy if, for any other closed term M, the theory λβ + {M = P} is consistent). More specifically we will consider the terms ω2ω2 and ω3ω3I where ω2 = λx.xx, ω3 = λx.xxx and I is the identity combinator. Let P be ω2ω2 or ω3ω3I. For any closed term M we will build a non-trivial filter model (that is a non-trivial λ-model built on intersection type theories) where the interpretations of M and P coincide. From this fact it follows that the theory λβ + {P = M} is consistent, hence P is easy. A feature of the present model construction is that with very small changes we can show the consistency of λβη + {P = M} for P = ω2ω2 and P = ω3ω3I.

The easiness of both ω2ω2 (see [23], [26]) and ω3ω3I (see [24], [9]) has been shown by syntactic arguments. These and other easiness results have been mainly obtained either using the "Jacopini technique" [23], [27] (Section 4.4.4), [26], or using Church-Rosser relations which extend λβ [22], [8], [9]. Actually a semantic proof of the easiness of ω2ω2 has already appeared in the literature [4] with a proof based on non-standard P(ω) models. Moreover [20] builds extensional filter models equating ω2ω2 to arbitrary closed terms. See also [33].

One of the by-products of this paper is that it provides a negative answer to an interesting question, namely whether the class of λ-theories induced by graph models (e.g. Scott, Park and Engeler models are instances of graph models) coincides with the class of λ-theories induced by non-extensional filter models as defined in [16]. In [25] it was shown that the equation ω3ω3I = I cannot be proved in any graph model, whilst our paper shows that this is possible with non-extensional filter models. Hence the two mentioned classes differ (actually [16] shows that graph model λ-theories are included in non-extensional filter model λ-theories).

It is an open question of this paper to single out which classes of λ-terms can be proved easy using filter models as semantical tools.

Also a "philosophic" question arises: apart from classical semantics tools, such as Fixed Point Induction, what do we gain when we have an ordered cpo model for a λ-theory? At present, we do not have a clear-cut answer to such a question.
The present paper is organized as follows. In Section 1 we present easy intersection type theories and type assignment systems for them. We prove some meta-theoretic properties including a Generation Theorem. In Section 2 we introduce λ-models based on spaces of filters in easy intersection type theories. Sections 3 and 4 exhibit the mentioned models which allow us to prove easiness of ω2ω2 and ω3ω3I. Section 5 discusses the extensional versions of the above models.

1 Intersection Type Assignment Systems 

Intersection types are syntactical objects built inductively by closing a given set ℂ of type atoms (constants) under the function type constructor → and the intersection type constructor ∩. In this paper we only need to consider intersection types which contain the universal type Ω and possibly the "isolated" type ι in their set of atoms.

Definition 1 (Intersection Type Language).

Let ℂ be a countable set of constants such that Ω ∈ ℂ. The Ω-intersection type language over ℂ, denoted by T = T(ℂ), is defined by the following abstract syntax:

T = ℂ | T → T | T ∩ T. □

Notice that the most general form of an intersection type is a finite intersection of arrow types and type constants.

Notation. Upper case Roman letters, i.e. A, B, ..., will denote arbitrary types. Greek letters will denote constants in ℂ. When writing intersection types we shall use the following convention: the constructor ∩ takes precedence over the constructor →, and → associates to the right.

Much of the expressive power of intersection type disciplines comes from the fact that types can be endowed with a preorder relation ≤, which induces the structure of a meet semi-lattice with respect to ∩, the top element being Ω.

The notion of easy intersection type theory that we introduce is new in the literature. It is tailored in order both to include the type theories of Sections 3, 4, 5 and to have easier proofs of the following Theorems 1, 2, 3. We refer the interested reader to [7] for the general definition of intersection type theory.



(refl) A < A 
(inclL) An B < A 

, , A< A' B <B' 

AnB<A'nB' 
(B) A<n 



(^-n) {A^ B)n{A^C) <A^ Bnc (g) 



(idem) A < An A 

(inclfl) An B < B 

, , A<B B <C 

(trans) 

(17-77) B —> f 2 

A' < A B < B' 



B < A' 



B' 



Fig. 1. The set Vo of axioms and rules 
Definition 2 (Easy intersection type theories).

Let T = T(ℂ) be an Ω-intersection type language. The easy intersection type theory (eitt for short) over T is the set Σ(ℂ, ∇) of all judgments A ≤ B derivable from ∇, where ∇ is a collection of axioms and rules such that (we write A ~ B for A ≤ B & B ≤ A):

1. ∇ contains the set ∇0 of axioms and rules of Figure 1;

2. further axioms can be of the following three shapes only:

ψ ≤ ψ',   ψ ~ (φ → A),   ψ ~ (φ → ζ) ∩ (ξ → A),

where ψ, ψ', φ, ζ, ξ ∈ ℂ \ {ι}, A ∈ T, and ψ, ψ' ≠ Ω;

3. ∇ does not contain further rules;

4. for each ψ ≠ Ω, ι there is exactly one axiom in ∇ of the shape ψ ~ A;

5. let ∇ contain ψ ~ A and ψ' ~ A' where either A = φ → ζ or A = (φ → ζ) ∩ (ξ → B). Then ∇ contains also ψ ≤ ψ' iff A' = φ' → ζ' and ∇ contains both φ' ≤ φ and ζ ≤ ζ'.

Notice that:

(a) since Ω ~ Ω → Ω ∈ Σ(ℂ, ∇) by axioms (Ω) and (Ω-η), it follows that all atoms in ℂ different from ι are equivalent to suitable (intersections of) arrow types;

(b) ∇ cannot contain axioms of the shape ι ≤ A or A ≤ ι: this justifies the label "isolated" for ι;

(c) associativity and commutativity of ∩ (modulo ~) follow easily from the axioms and rules of ∇0 as defined in Definition 2.

A consequence of (a) is that an eitt induces an extensional λ-model iff its set of constants does not contain ι: this will be proved in Theorem 3.

Notation.

When we consider an eitt Σ(ℂ, ∇), we will write ℂ^∇ for ℂ, T^∇ for T(ℂ) and Σ^∇ for Σ(ℂ, ∇). Moreover A ≤_∇ B will be short for (A ≤ B) ∈ Σ^∇ and A ~_∇ B for A ≤_∇ B ≤_∇ A. We will consider syntactic equivalence "=" of types up to associativity and commutativity of ∩. We will write ∩_{i≤n} A_i for A_1 ∩ ... ∩ A_n. Similarly we will write ∩_{i∈I} A_i, where I always denotes a finite non-empty set. □

Theorem 1 gives useful properties of eitt's.

Theorem 1.

For all I, and A_i, B_i, C, D ∈ T^∇, if ∩_{i∈I}(A_i → B_i) ≤_∇ C → D and D ≁_∇ Ω, then ∃J ⊆ I. C ≤_∇ ∩_{i∈J} A_i and ∩_{i∈J} B_i ≤_∇ D.

Proof. In this proof we assume that ψ, φ, ζ denote constants different from ι. Let A(∩ι) ≤_∇ B(∩ι) be short for A ≤_∇ B or A ∩ ι ≤_∇ B or A ∩ ι ≤_∇ B ∩ ι, where A, B ≠ ι. Notice that we cannot have A ≤_∇ B ∩ ι and A ≤_∇ ι.

By assumption for each constant ψ there exists in ∇ exactly one judgment of the shape ψ ~ ∩_{l∈L(ψ)}(A_l^{(ψ)} → B_l^{(ψ)}). We can prove by simultaneous induction on the definition of ≤_∇ two statements, the first of which implies the thesis.
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and then for each j G J there exist I' C I, H' <G H and, for all h G 

H', c lwo such that c, A,) n (n/.G//-(n,GL(^.)' 

and (PliG/' Bi) n (PlhG-ft' (riieLf’^h)' 

2- if (riiG/(^® ^ ^i))^if]heH y’h){(^y) <v ic\jej(y^j ^j))^iC\keK y‘k)i^y)j 

and 4>k'/^^fi, then for each mGL^’^A there exist I' QI, H' QH and, for all hG 
H', Li'^^y C L(V'0 such that A,) n {r\h^H'irh^Li^.y 

and (aez- B,) n <v □ 

Inside the set of types we single out those which are not ι and not intersections containing ι. Moreover we associate to each type the maximum number of nested arrows in the leftmost path.

Definition 3. 1. A type A ∈ T^∇ is functional iff A ≠ ι and there is no B ∈ T^∇ such that A = ι ∩ B;

2. The mapping # : T^∇ → ℕ is defined inductively on types as follows:

#(A) = 0 if A ∈ ℂ^∇;

#(A → B) = #(A) + 1;

#(A ∩ B) = max{#(A), #(B)}. □

Trivially all types in T^∇ are functional when ι ∉ ℂ.
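A parser for the type language of Definition 1 under the precedence convention stated in the Notation above (∩ binds tighter than →, → associates to the right), together with the mapping # and the functionality test of Definition 3. This is an added example, not code from the paper; the ASCII spellings Omega, iota, -> and & are our own choice.

```python
"""Added example (not from the paper): parse Ω-intersection types and compute #.

Convention from the paper: ∩ binds tighter than →, and → associates to the
right, so  a & b -> c -> d  reads  (a ∩ b) → (c → d).
ASCII spellings used here (our own choice): 'Omega', 'iota', '->', '&'.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Union
import re

@dataclass(frozen=True)
class Const:          # a type constant from C; 'Omega' and 'iota' are distinguished
    name: str

@dataclass(frozen=True)
class Arrow:          # A -> B
    src: "Type"
    tgt: "Type"

@dataclass(frozen=True)
class Inter:          # A & B   (A ∩ B)
    left: "Type"
    right: "Type"

Type = Union[Const, Arrow, Inter]
OMEGA = Const("Omega")
IOTA = Const("iota")

# one token per match: the arrow, a bracket or & sign, or an identifier
_TOKEN = re.compile(r"\s*(->|[&()]|[A-Za-z_][A-Za-z0-9_']*)")

def tokenize(text: str) -> list:
    toks, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if not m:
            raise SyntaxError(f"bad character at {pos}: {text[pos]!r}")
        toks.append(m.group(1))
        pos = m.end()
    return toks

class _Parser:
    """Recursive descent:  arrow := inter ('->' arrow)? ;  inter := atom ('&' atom)*"""
    def __init__(self, text: str):
        self.toks, self.i = tokenize(text), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None) -> str:
        tok = self.peek()
        if tok is None or (expected is not None and tok != expected):
            raise SyntaxError(f"expected {expected or 'a type'}, got {tok!r}")
        self.i += 1
        return tok

    def arrow(self) -> Type:        # right associative: a -> b -> c = a -> (b -> c)
        left = self.inter()
        if self.peek() == "->":
            self.take()
            return Arrow(left, self.arrow())
        return left

    def inter(self) -> Type:        # binds tighter than ->
        t = self.atom()
        while self.peek() == "&":
            self.take()
            t = Inter(t, self.atom())
        return t

    def atom(self) -> Type:
        tok = self.take()
        if tok == "(":
            t = self.arrow()
            self.take(")")
            return t
        if tok in ("->", "&", ")"):
            raise SyntaxError(f"unexpected {tok!r}")
        return Const(tok)

def parse_type(text: str) -> Type:
    p = _Parser(text)
    t = p.arrow()
    if p.peek() is not None:
        raise SyntaxError(f"trailing input: {p.peek()!r}")
    return t

def sharp(t: Type) -> int:
    """Definition 3(2): number of nested arrows along the leftmost path."""
    if isinstance(t, Const):
        return 0
    if isinstance(t, Arrow):
        return sharp(t.src) + 1
    return max(sharp(t.left), sharp(t.right))

def components(t: Type) -> list:
    """Members of a finite intersection (∩ taken modulo associativity)."""
    if isinstance(t, Inter):
        return components(t.left) + components(t.right)
    return [t]

def is_functional(t: Type) -> bool:
    """Definition 3(1): A is functional iff A ≠ ι and A is not of the form ι ∩ B."""
    return IOTA not in components(t)

def show(t: Type) -> str:
    """Print with the fewest parentheses the paper's convention allows."""
    if isinstance(t, Const):
        return t.name
    if isinstance(t, Inter):
        return " & ".join(_wrap(c) for c in (t.left, t.right))
    return f"{_wrap(t.src)} -> {show(t.tgt)}"

def _wrap(t: Type) -> str:
    """Parenthesize an arrow that sits under ∩ or in source position of →."""
    return f"({show(t)})" if isinstance(t, Arrow) else show(t)
```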

Some properties of functional types are crucial.

Theorem 2. 1. If A ≤_∇ B and A is functional, then B is functional.

2. Let A ∈ T^∇ be a functional type. Then, if #(A) ≥ 1, there is B ∈ T^∇ such that A ~_∇ B, B = ∩_{i∈I}(C_i → D_i), and #(B) = #(A).

Proof. (1) Easy by induction on ≤_∇.

(2) Let A = (∩_{j∈J}(C'_j → D'_j)) ∩ (∩_{h∈H} ψ_h) where C'_j, D'_j ∈ T^∇, ψ_h ∈ ℂ^∇. Being A functional, ∀h ∈ H. ψ_h ≠ ι, hence for each h ∈ H there are I_h and C_i^{(h)}, D_i^{(h)} ∈ T^∇ such that ψ_h ~_∇ ∩_{i∈I_h}(C_i^{(h)} → D_i^{(h)}). We can choose

B ≡ (∩_{j∈J}(C'_j → D'_j)) ∩ (∩_{h∈H}(∩_{i∈I_h}(C_i^{(h)} → D_i^{(h)}))). □

Before giving the key notion of intersection-type assignment system, we introduce bases and some related definitions.

Definition 4 (Bases).

1. A ∇-basis is a (possibly infinite) set of statements of the shape x:B, where B ∈ T^∇, with all variables distinct.

2. x ∈ Γ is short for ∃A ∈ T^∇. (x:A) ∈ Γ, and Γ, x:A is short for Γ ∪ {x:A} when x ∉ Γ.

3. Let Γ and Γ' be ∇-bases. The ∇-basis Γ ⊎ Γ' is defined as follows:

Γ ⊎ Γ' = {x : A ∩ B | x:A ∈ Γ and x:B ∈ Γ'}

∪ {x : A | x:A ∈ Γ and x ∉ Γ'}

∪ {x : B | x:B ∈ Γ' and x ∉ Γ}.

Accordingly we define:

Γ ⊑ Γ' ⟺ ∃Γ''. Γ ⊎ Γ'' = Γ'. □

Definition 5 (The type assignment system).

The intersection type assignment system relative to the eitt Σ^∇, notation λ∩^∇, is a formal system for deriving judgments of the form Γ ⊢_∇ M : A, where the subject M is an untyped λ-term, the predicate A is in T^∇ and Γ is a ∇-basis. Its axioms and rules are the following:

(Ax)  Γ, x:A ⊢_∇ x : A          (Ax-Ω)  Γ ⊢_∇ M : Ω

(→I)  Γ, x:A ⊢_∇ M : B  /  Γ ⊢_∇ λx.M : A → B

(→E)  Γ ⊢_∇ M : A → B,  Γ ⊢_∇ N : A  /  Γ ⊢_∇ MN : B

(∩I)  Γ ⊢_∇ M : A,  Γ ⊢_∇ M : B  /  Γ ⊢_∇ M : A ∩ B

(≤_∇)  Γ ⊢_∇ M : A,  A ≤_∇ B  /  Γ ⊢_∇ M : B

As usual we consider λ-terms modulo α-conversion.

Notice that the intersection elimination rules

Γ ⊢_∇ M : A ∩ B  /  Γ ⊢_∇ M : A          Γ ⊢_∇ M : A ∩ B  /  Γ ⊢_∇ M : B

can be immediately proved to be derivable in all λ∩^∇.

A first simple proposition, which can be proved straightforwardly by induction on the structure of derivations, is the following.

Proposition 1.

1. If x ∉ FV(M) and Γ, x:B ⊢_∇ M : A, then Γ ⊢_∇ M : A;

2. If Γ ⊢_∇ M : A and Γ ⊑ Γ', then Γ' ⊢_∇ M : A.

We end this section by stating a Generation, or Inversion, Theorem for the type assignment systems λ∩^∇.

Theorem 3 (Generation Theorem).

1. Assume A ≁_∇ Ω. Γ ⊢_∇ x : A iff (x:B) ∈ Γ and B ≤_∇ A for some B ∈ T^∇.

2. Γ ⊢_∇ MN : A iff Γ ⊢_∇ M : B → A, and Γ ⊢_∇ N : B for some B ∈ T^∇.

3. Γ ⊢_∇ λx.M : A iff Γ, x:B_i ⊢_∇ M : C_i and ∩_{i∈I}(B_i → C_i) ≤_∇ A, for some I and B_i, C_i ∈ T^∇.

4. If Γ ⊢_∇ λx.M : A then A is a functional type.

5. Γ ⊢_∇ λx.M : B → C iff Γ, x:B ⊢_∇ M : C.

Proof. The proof of each (⇐) is easy. So we only treat (⇒).

(1) Easy by induction on derivations, since only the axioms (Ax), (Ax-Ω), and the rules (∩I), (≤_∇) can be applied. Notice that the condition A ≁_∇ Ω implies that Γ ⊢_∇ x : A cannot be obtained just using axioms (Ax-Ω).
(2) If A ~_∇ Ω we can choose B = Ω. Otherwise the proof is by induction on derivations. The only interesting case is when A = A_1 ∩ A_2 and the last applied rule is (∩I):

Γ ⊢_∇ MN : A_1,  Γ ⊢_∇ MN : A_2  /  Γ ⊢_∇ MN : A_1 ∩ A_2.

The condition A ≁_∇ Ω implies that we cannot have A_1 ~_∇ A_2 ~_∇ Ω. We do the proof for A_1 ≁_∇ Ω and A_2 ≁_∇ Ω; the other cases can be treated similarly. By induction there are B, C, D, E such that

Γ ⊢_∇ M : B → C,  Γ ⊢_∇ N : B,

Γ ⊢_∇ M : D → E,  Γ ⊢_∇ N : D,

C ≤_∇ A_1 & E ≤_∇ A_2.

So we are done, being (B → C) ∩ (D → E) ≤_∇ B ∩ D → C ∩ E ≤_∇ B ∩ D → A by rules (→-∩) and (η), since C ∩ E ≤_∇ A.

(3) The proof is very similar to the proof of (2). It is again by induction on derivations and again the only interesting case is when the last applied rule is (∩I):

Γ ⊢_∇ λx.M : A_1,  Γ ⊢_∇ λx.M : A_2  /  Γ ⊢_∇ λx.M : A_1 ∩ A_2.

By induction there are I, B_i, C_i, J, D_j, E_j such that

∀i ∈ I. Γ, x:B_i ⊢_∇ M : C_i,   ∀j ∈ J. Γ, x:D_j ⊢_∇ M : E_j,

∩_{i∈I}(B_i → C_i) ≤_∇ A_1 & ∩_{j∈J}(D_j → E_j) ≤_∇ A_2.

So we are done since (∩_{i∈I}(B_i → C_i)) ∩ (∩_{j∈J}(D_j → E_j)) ≤_∇ A.

(4) Immediate from (3) and Theorem 2(1).

(5) The case C ~_∇ Ω is trivial. Otherwise let I, B_i, C_i be as in (3), where A = B → C. Then ∩_{i∈I}(B_i → C_i) ≤_∇ B → C implies by Theorem 1 that there exists a J ⊆ I such that B ≤_∇ ∩_{i∈J} B_i and ∩_{i∈J} C_i ≤_∇ C. From Γ, x:B_i ⊢_∇ M : C_i we can derive Γ, x:B ⊢_∇ M : C_i by Proposition 1(2), so by (∩I) we have Γ, x:B ⊢_∇ M : ∩_{i∈J} C_i. Finally, applying rule (≤_∇) we can conclude Γ, x:B ⊢_∇ M : C. □

2 Filter Models

In this section we discuss how to build λ-models out of type theories. We start with the definition of filter for eitt's. Then we show how to turn the space of filters into an applicative structure. Finally we will define a notion of interpretation of λ-terms and show that we get λ-models (filter models).

Filter models arise naturally in the context of those generalizations of Stone duality that are used in discussing domain theory in logical form (see [1], [11], [32]). This approach provides a conceptually independent semantics to intersection types, the lattice semantics. Types are viewed as compact elements of domains. The type Ω denotes the least element, intersections denote joins of compact elements, and arrow types allow to internalize the space of continuous endomorphisms. Following the paradigm of Stone duality, type theories give rise to filter models, where the interpretation of λ-terms can be given through a finitary logical description.

Definition 6.

1. A ∇-filter (or a filter over T^∇) is a set X ⊆ T^∇ such that:

– Ω ∈ X;

– if A ≤_∇ B and A ∈ X, then B ∈ X;

– if A, B ∈ X, then A ∩ B ∈ X;

2. F^∇ denotes the set of ∇-filters over T^∇;

3. if X ⊆ T^∇, ↑X denotes the ∇-filter generated by X;

4. a ∇-filter is principal if it is of the shape ↑{A}, for some type A. We shall denote ↑{A} simply by ↑A. □

It is well known that F^∇ is an ω-algebraic cpo, whose compact (or finite) elements are the filters of the form ↑A for some type A and whose bottom element is ↑Ω.

Next we endow the space of filters with the notions of application and of λ-term interpretation. Let Env_{F^∇} be the set of all mappings from the set of term variables to F^∇.

Definition 7.

1. Application · : F^∇ × F^∇ → F^∇ is defined as

X · Y = {B | ∃A ∈ Y. A → B ∈ X}.

2. The interpretation function ⟦ ⟧^∇ : Λ × Env_{F^∇} → F^∇ is defined by

⟦M⟧^∇_ρ = {A ∈ T^∇ | ∃Γ ⊨ ρ. Γ ⊢_∇ M : A},

where ρ ranges over Env_{F^∇} and Γ ⊨ ρ if and only if (x : B) ∈ Γ implies B ∈ ρ(x).

3. The triple ⟨F^∇, ·, ⟦ ⟧^∇⟩ is called the filter model over Σ^∇. □

Notice that the previous definition is sound, since it is easy to verify that X · Y is a ∇-filter, and moreover:

Theorem 4.

The filter model ⟨F^∇, ·, ⟦ ⟧^∇⟩ is a λ-model, in the sense of Hindley-Longo [18], that is:

1. ⟦x⟧^∇_ρ = ρ(x);

2. ⟦MN⟧^∇_ρ = ⟦M⟧^∇_ρ · ⟦N⟧^∇_ρ;

3. ⟦λx.M⟧^∇_ρ · X = ⟦M⟧^∇_{ρ[X/x]};

4. (∀x ∈ FV(M). ρ(x) = ρ'(x)) ⟹ ⟦M⟧^∇_ρ = ⟦M⟧^∇_{ρ'};

5. ⟦λx.M⟧^∇_ρ = ⟦λy.M[y/x]⟧^∇_ρ, if y ∉ FV(M);

6. (∀X ∈ F^∇. ⟦M⟧^∇_{ρ[X/x]} = ⟦N⟧^∇_{ρ[X/x]}) ⟹ ⟦λx.M⟧^∇_ρ = ⟦λx.N⟧^∇_ρ.

Moreover it is extensional, that is ⟦λx.Mx⟧^∇_ρ = ⟦M⟧^∇_ρ when x ∉ FV(M), iff ι ∉ ℂ.

Proof. (1) We show A ∈ ⟦x⟧^∇_ρ iff A ∈ ρ(x). The case A ~_∇ Ω is immediate. If A ≁_∇ Ω and A ∈ ⟦x⟧^∇_ρ, then Γ ⊢_∇ x : A for some ∇-basis Γ such that Γ ⊨ ρ. So there exists a premise x : A' in Γ such that A' ∈ ρ(x). By Theorem 3(1), A' ≤_∇ A, hence A ∈ ρ(x). The vice versa is trivial.

(2) Let A ∈ ⟦MN⟧^∇_ρ. Then there exists Γ ⊨ ρ such that Γ ⊢_∇ MN : A. By Theorem 3(2), there exists B ∈ T^∇ such that Γ ⊢_∇ M : B → A and Γ ⊢_∇ N : B, hence B ∈ ⟦N⟧^∇_ρ and B → A ∈ ⟦M⟧^∇_ρ. By definition of application it follows A ∈ ⟦M⟧^∇_ρ · ⟦N⟧^∇_ρ.

Let now A ∈ ⟦M⟧^∇_ρ · ⟦N⟧^∇_ρ. Then there exists B ∈ T^∇ such that B → A ∈ ⟦M⟧^∇_ρ and B ∈ ⟦N⟧^∇_ρ, hence there exist two ∇-bases, Γ and Γ', such that Γ ⊨ ρ, Γ' ⊨ ρ, and moreover Γ ⊢_∇ M : B → A, Γ' ⊢_∇ N : B. Consider the basis Γ'' = Γ ⊎ Γ'. We have Γ'' ⊨ ρ, Γ'' ⊢_∇ M : B → A and Γ'' ⊢_∇ N : B. From the last two judgments we deduce Γ'' ⊢_∇ MN : A, which, along with the first judgment, implies A ∈ ⟦MN⟧^∇_ρ.

(3) Let A ∈ ⟦M⟧^∇_{ρ[X/x]}. Then there exists Γ ⊨ ρ[X/x] such that Γ ⊢_∇ M : A. Let Γ = Γ', x : B; then, by rule (→I), we get Γ' ⊢_∇ λx.M : B → A. This implies B → A ∈ ⟦λx.M⟧^∇_ρ since from Γ ⊨ ρ[X/x] we have Γ' ⊨ ρ. Being B ∈ X (because Γ ⊨ ρ[X/x]), we get A ∈ ⟦λx.M⟧^∇_ρ · X.

Let A ∈ ⟦λx.M⟧^∇_ρ · X. Then there exist Γ ⊨ ρ and B ∈ X such that Γ ⊢_∇ λx.M : B → A. Since x ∉ FV(λx.M), by Lemma 1(1) we can assume x ∉ Γ. By Theorem 3(5) it follows Γ, x:B ⊢_∇ M : A. Since B ∈ X we have Γ, x:B ⊨ ρ[X/x], hence A ∈ ⟦M⟧^∇_{ρ[X/x]}.

(4) Easily proven by induction on the structure of M.

(5) Trivial.

(6) Suppose that the premise holds and A ∈ ⟦λx.M⟧^∇_ρ. Then there is Γ ⊨ ρ such that Γ ⊢_∇ λx.M : A. Since x ∉ FV(λx.M), by Lemma 1(1) we can assume x ∉ Γ. By Theorem 3(3) there exist I and B_i, C_i ∈ T^∇ such that Γ ⊢_∇ λx.M : B_i → C_i for all i ∈ I and ∩_{i∈I}(B_i → C_i) ≤_∇ A. So we have, for each i ∈ I, by Theorem 3(5), Γ, x:B_i ⊢_∇ M : C_i. By the premise, we get, for each i ∈ I, Γ, x:B_i ⊢_∇ N : C_i, which implies ⟦λx.M⟧^∇_ρ ⊆ ⟦λx.N⟧^∇_ρ. Similarly one proves ⟦λx.N⟧^∇_ρ ⊆ ⟦λx.M⟧^∇_ρ.

We show now that the model is extensional when ι ∉ ℂ. Let A ∈ ⟦λx.Mx⟧^∇_ρ, with x ∉ FV(M). Then there is Γ ⊨ ρ such that Γ ⊢_∇ λx.Mx : A. Reasoning as in the proof of (6), we have that there exist I and B_i, C_i ∈ T^∇ such that for each i ∈ I, Γ, x:B_i ⊢_∇ Mx : C_i and ∩_{i∈I}(B_i → C_i) ≤_∇ A. By Theorem 3(2), it follows that there exists, for each i ∈ I, D_i such that Γ, x:B_i ⊢_∇ M : D_i → C_i, and Γ, x:B_i ⊢_∇ x : D_i. We have B_i ≤_∇ D_i for each i ∈ I either by Theorem 3(1) if D_i ≁_∇ Ω or by axiom (Ω) and rule (trans) if D_i ~_∇ Ω. Hence we get, by (≤_∇), Γ, x:B_i ⊢_∇ M : B_i → C_i, for each i ∈ I. Since x ∉ FV(M) we can apply Lemma 1(1) and obtain, for each i ∈ I, Γ ⊢_∇ M : B_i → C_i, hence, by rules (∩I) and (≤_∇), Γ ⊢_∇ M : A, which implies A ∈ ⟦M⟧^∇_ρ.

Suppose A ∈ ⟦M⟧^∇_ρ. Then there exists Γ ⊨ ρ such that Γ ⊢_∇ M : A. Since x ∉ FV(M), by Lemma 1(1) we can assume x ∉ Γ. By Theorem 2 we have A ~_∇ ∩_{i∈I}(B_i → C_i) for suitable I and B_i, C_i ∈ T^∇, so by applying rule (≤_∇) we get Γ ⊢_∇ M : B_i → C_i for each i ∈ I. By Lemma 1(2), we have Γ, x:B_i ⊢_∇ M : B_i → C_i. This judgment, along with Γ, x:B_i ⊢_∇ x : B_i, allows us to obtain, by rule (→E), Γ, x:B_i ⊢_∇ Mx : C_i, for each i ∈ I. By rule (→I) we deduce Γ ⊢_∇ λx.Mx : B_i → C_i for each i ∈ I, hence by rule (∩I) it follows Γ ⊢_∇ λx.Mx : ∩_{i∈I}(B_i → C_i), which implies, by rule (≤_∇), Γ ⊢_∇ λx.Mx : A, so we conclude A ∈ ⟦λx.Mx⟧^∇_ρ.

Finally, if ι ∈ ℂ the model is non-extensional, since taking ρ(x) = ↑ι we get ⟦x⟧^∇_ρ = ↑ι while ⟦λy.xy⟧^∇_ρ = ↑Ω. □

3 Semantical Proof of the Easiness of ω2ω2

Let ω2 be the λ-term λx.xx. For an arbitrary closed λ-term M we build a non-extensional filter model ⟨F^{∇'}, ·, ⟦ ⟧^{∇'}⟩ such that ⟦M⟧^{∇'} = ⟦ω2ω2⟧^{∇'}.

First we give a lemma which characterizes the types derivable for ω2 and ω2ω2.

Lemma 1.

1. ⊢_∇ ω2 : A → B iff A ≤_∇ A → B;

2. ⊢_∇ ω2ω2 : B iff A ≤_∇ A → B for some A ∈ T^∇ such that ⊢_∇ ω2 : A.

3. If ⊢_∇ ω2ω2 : B then there exists A ∈ T^∇ such that #(A) = 0, A ≤_∇ A → B and ⊢_∇ ω2 : A.

Proof. (1) By a straightforward computation A ≤_∇ A → B implies ⊢_∇ ω2 : A → B. Conversely, suppose ⊢_∇ ω2 : A → B. If B ~_∇ Ω then by axioms (Ω), (Ω-η), and rules (η), (trans), we have A ≤_∇ A → B. Otherwise, by Theorem 3(5) it follows x : A ⊢_∇ xx : B. By Theorem 3(2) there exists a type C ∈ T^∇ such that x : A ⊢_∇ x : C → B and x : A ⊢_∇ x : C. Notice that B ≁_∇ Ω implies C → B ≁_∇ Ω, since from C → B ~_∇ Ω we get C → B ~_∇ Ω → Ω by axiom (Ω-η) and rule (trans) and this implies B ~_∇ Ω by Theorem 1. So by Theorem 3(1), we get A ≤_∇ C → B. We have A ≤_∇ C either by Theorem 3(1) if C ≁_∇ Ω or by axiom (Ω) and rule (trans) if C ~_∇ Ω. From A ≤_∇ C → B and A ≤_∇ C by rule (η) it follows A ≤_∇ A → B.

(2) The case B ~_∇ Ω is trivial. Otherwise, if ⊢_∇ ω2ω2 : B, by Theorem 3(2) it follows that there exists A ∈ T^∇ such that ⊢_∇ ω2 : A and ⊢_∇ ω2 : A → B. We conclude by (1).

(3) Let ⊢_∇ ω2ω2 : B. Then, by Point (2), there exists A ∈ T^∇ such that ⊢_∇ ω2 : A and A ≤_∇ A → B. We prove the thesis by induction on #(A). If #(A) = 0 we are done. Suppose now #(A) ≥ 1. First, by Theorem 3(4) A is functional. By applying Lemma 2, we obtain a type A' such that A ~_∇ A', A' = ∩_{i∈I}(C_i → D_i) and #(A') = #(A). From A ≤_∇ A → B we have ∩_{i∈I}(C_i → D_i) ≤_∇ A → B, hence, by Theorem 1, there exists J ⊆ I such that A ≤_∇ ∩_{i∈J} C_i and ∩_{i∈J} D_i ≤_∇ B. Since ⊢_∇ ω2 : A, by (≤_∇) it follows ⊢_∇ ω2 : C_i → D_i for all i ∈ J and ⊢_∇ ω2 : ∩_{i∈J} C_i. By Point (1) it follows ∀i ∈ J. C_i ≤_∇ C_i → D_i. By axiom (→-∩) and rule (η) we get C ≤_∇ C → ∩_{i∈J} D_i, and also C ≤_∇ C → B, where C = ∩_{i∈J} C_i. We have obtained:

⊢_∇ ω2 : C;

C ≤_∇ C → B;

#(C) < #(A') = #(A).

The thesis follows by applying the induction hypothesis. □

We build the desired model by taking the union of a suitable countable sequence of eitt's Σ^{∇_n} defined in such a way that the final interpretation of M coincides with the interpretation of ω2ω2. In the following ⟨·,·⟩ denotes any bijection between ℕ × ℕ and ℕ.

Definition 8.

1. The eitt's Σ^{∇_n} are defined inductively on n as follows:

– ℂ^{∇_0} = {Ω, ι};

– ∇_0 = ∇0 (the set of Figure 1);

– ℂ^{∇_{n+1}} = ℂ^{∇_n} ∪ {ζ_{⟨n,m⟩} | m ∈ ℕ};

– ∇_{n+1} = ∇_n ∪ {ζ_{⟨n,m⟩} ~ ζ_{⟨n,m⟩} → W_{⟨n,m⟩} | m ∈ ℕ},

where (W_{⟨n,m⟩})_{m∈ℕ} is an enumeration of the set {A | ⊢_{∇_n} M : A}.

2. We define ∇' as follows:

ℂ^{∇'} = ∪_{n∈ℕ} ℂ^{∇_n},   ∇' = ∪_{n∈ℕ} ∇_n. □

Since Σ^{∇'} is an eitt and ι ∈ ℂ^{∇'}, by Theorem 4, it follows that it induces a non-extensional λ-model.

Theorem 5.

The triple ⟨F^{∇'}, ·, ⟦ ⟧^{∇'}⟩ is a non-extensional λ-model.

We need also a negative result on the typing of ω2.

Lemma 2.

⊬_{∇'} ω2 : ι and ⊬_{∇'} ω2 : ι → ι.

Proof. From Theorem 3(4) we get ⊬_{∇'} ω2 : ι, since the type ι is not functional.

To show ⊬_{∇'} ω2 : ι → ι we define the sets E_Ω, E_ι as the minimal sets such that:

Ω ∈ E_Ω;   A ∈ T^{∇'}, B ∈ E_Ω ⟹ A → B ∈ E_Ω;

A, B ∈ E_Ω ⟹ A ∩ B ∈ E_Ω;   W_i ∈ E_Ω ⟹ ζ_i ∈ E_Ω;

ι ∈ E_ι;   E_Ω ⊆ E_ι;   A, B ∈ E_ι ⟹ A ∩ B ∈ E_ι.

It is easy to check by induction on ≤_{∇'} that for all A ∈ T^{∇'}:

B ≤_{∇'} A and B ∈ E_Ω imply A ∈ E_Ω;

B ≤_{∇'} A and B ∈ E_ι imply A ∈ E_ι.

This implies that ι ≰_{∇'} ι → ι since ι ∈ E_ι and ι → ι ∉ E_ι.

Suppose by contradiction that ⊢_{∇'} ω2 : ι → ι; we get ι ≤_{∇'} ι → ι by Lemma 1(1). □

We are now able to prove the first main theorem.

Theorem 6.

The filter model ⟨F^{∇'}, ·, ⟦ ⟧^{∇'}⟩ is not trivial and ⟦M⟧^{∇'} = ⟦ω2ω2⟧^{∇'}.

Proof. The model is not trivial since it is easy to derive ⊢_{∇'} I : ι → ι while ⊬_{∇'} ω2 : ι → ι by Lemma 2.

The inclusion ⟦M⟧^{∇'} ⊆ ⟦ω2ω2⟧^{∇'} is almost immediate by construction. By easy calculation, ω2 may be given type ζ_j for any integer j. In fact, since ζ_j ≤_{∇'} ζ_j → W_j, it follows x : ζ_j ⊢_{∇'} xx : W_j, hence ⊢_{∇'} λx.xx : ζ_j → W_j. From this last fact, by applying (→E), we obtain ⊢_{∇'} ω2ω2 : W_j for all j. This proves ⟦M⟧^{∇'} ⊆ ⟦ω2ω2⟧^{∇'}.

On the other hand, let ⊢_{∇'} ω2ω2 : B. Then applying Lemma 1(3), it follows that there exists A such that #(A) = 0, ⊢_{∇'} ω2 : A and A ≤_{∇'} A → B. Let A = ∩_{i∈I} ψ_i. By Lemma 2, for all i ∈ I we get that ψ_i is either Ω or ζ_j for some integer j. This implies either A ~_{∇'} Ω → Ω or A ~_{∇'} ∩_{j∈J}(ζ_j → W_j) for some J. Therefore from A ≤_{∇'} A → B either Ω ≤_{∇'} B or ∃L ⊆ J such that ∩_{j∈L} W_j ≤_{∇'} B, by Theorem 1. Since each W_j is in ⟦M⟧^{∇'} we have B ∈ ⟦M⟧^{∇'} and we are done. □

4 Semantical Proof of the Easiness of cpscJsI 

Let W3 be the A-term Xx.xxx. For an arbitrary closed A-term M we build a non- 
extensional filter model {T^" , •, 1 1'^”) such that 

First we give a lemma, which characterizes the types deducible for W3 and 



Notation.

In the following $Q$ will denote types of the shape $\bigcap_{k \in K}(Q_k \to Q_k)$, that is the minimal types which $I$ can receive. □

Lemma 3.

1. $\vdash \omega_3 : A \to B$ iff $A \le A \to A \to B$;

2. $\vdash \omega_3\omega_3 I : B$ iff there exist $A, Q$ such that $A \le A \to A \to Q \to B$ and $\vdash \omega_3 : A$.
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Proof. Throughout this proof we freely (and heavily!) use Theorem 3. We show just ($\Rightarrow$), since ($\Leftarrow$) are obtained simply by applying the typing rules. The case $B \sim \Omega$ is trivial.

(1) $\vdash \omega_3 : A \to B$ implies $x : A \vdash xxx : B$, hence there exist $C, D$ such that $x : A \vdash x : C \to D \to B$, $x : A \vdash x : C$ and $x : A \vdash x : D$. The first of these three last judgments implies $A \le C \to D \to B$, while the last two imply $A \le C$ and $A \le D$, hence, by rule ($\eta$), we obtain $A \le A \to A \to B$.

(2) If $\vdash \omega_3\omega_3 I : B$, then there exists $C$ such that $\vdash \omega_3\omega_3 : C \to B$ and $\vdash I : C$. By straightforward calculation there must exist $Q$ such that $Q \le C$. Moreover this implies $C \to B \le Q \to B$, hence by rule ($\le$) $\vdash \omega_3\omega_3 : Q \to B$. This last judgment holds only if there exists $A$ such that $\vdash \omega_3 : A \to Q \to B$ and $\vdash \omega_3 : A$. We conclude by using Point (1). □

We define the eitt as the union of a countable sequence of eitt’s 17^" 
similarly to . 

Definition 9. 

f. B^"' are defined inductively on n as the eitt’s generated by the following sets 
(E^” and Vn" 

- = 

~ Vi = Vo; 

~ GZ'^ U {(y-{ri,rn) i /^(n,m) j T{n,m) I ^ ^ IN } , 

Vn+1 Vn U {(y-{n^rn) — /^(n,m) ; ^{n,m) — 1{n,m) i /^(n,m) — T(n,m) i 

'^{n,m) ^ P{n,m) \ ^ ^ ^}? 

where $\tau = \iota \to \iota$ and $\omega_{(n,m)}$ is an enumeration of the set

$\{A \mid \vdash M : A\}$.

2. We define the eitt as follows:

$\mathcal{C} = \bigcup_{n \in \mathbb{N}} \mathcal{C}_n$, $\nabla = \bigcup_{n \in \mathbb{N}} \nabla_n$.

From Definition 9 we immediately have that the theory so defined is an eitt and $\iota$ is one of its constants, hence it induces a non-extensional $\lambda$-model.

Theorem 7.

The triple $\langle \mathcal{F}, \cdot, [\![\ ]\!]\rangle$ is a non-extensional $\lambda$-model. □

Notation. Sometimes we will omit the subscript $(n,m)$ for $\alpha, \beta, \gamma, \omega$. □

The proof of $[\![M]\!] = [\![\omega_3\omega_3 I]\!]$ is done in three steps. First we show that some subtypings do not hold (Lemma 5). The second step is a characterization of the constants which can be deduced for $\omega_3$ (Lemma 6). Lastly we use these results in order to obtain properties for the types which satisfy particular subtyping relations and which contain proper subtypes deducible for $\omega_3$ (Lemma 7).
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For the first step we introduce four subsets of $T$, whose meaning is the following (recall that $\tau = \iota \to \iota$)³:

1. $\mathcal{E}_\Omega$ is the set of all types which are equivalent to $\Omega$;

2. $\mathcal{G}_\iota$ is the set of all types which are greater than or equivalent to $\iota$;

3. $\mathcal{L}_\iota$ is the set of all types which are less than or equivalent to $\iota$;

4. $\mathcal{G}_\tau$ is the set of all types which are greater than or equivalent to $\tau$.

Definition 10. The sets $\mathcal{E}_\Omega$, $\mathcal{G}_\iota$, $\mathcal{L}_\iota$, $\mathcal{G}_\tau$ are defined as the minimal sets such that:

$\Omega \in \mathcal{E}_\Omega$; $A \in T, B \in \mathcal{E}_\Omega \Rightarrow A \to B \in \mathcal{E}_\Omega$; $A, B \in \mathcal{E}_\Omega \Rightarrow A \cap B \in \mathcal{E}_\Omega$;
$\iota \in \mathcal{G}_\iota$; $\mathcal{E}_\Omega \subseteq \mathcal{G}_\iota$; $A, B \in \mathcal{G}_\iota \Rightarrow A \cap B \in \mathcal{G}_\iota$;
$\iota \in \mathcal{L}_\iota$; $A \in T, B \in \mathcal{L}_\iota \Rightarrow A \cap B, B \cap A \in \mathcal{L}_\iota$;

$\mathcal{E}_\Omega \subseteq \mathcal{G}_\tau$; $A \in \mathcal{L}_\iota, B \in \mathcal{G}_\iota \Rightarrow A \to B \in \mathcal{G}_\tau$; $A, B \in \mathcal{G}_\tau \Rightarrow A \cap B \in \mathcal{G}_\tau$. □



From this definition we easily get:

Lemma 4.

1. $\mathcal{E}_\Omega = \{A \in T \mid \Omega \le A\}$; 3. $\mathcal{L}_\iota = \{A \in T \mid A \le \iota\}$;

2. $\mathcal{G}_\iota = \{A \in T \mid \iota \le A\}$; 4. $\mathcal{G}_\tau = \{A \in T \mid \tau \le A\}$.

Proof. It is easy to check by induction on the definition of $\mathcal{E}_\Omega$ that $A \in \mathcal{E}_\Omega \Rightarrow A \sim \Omega$, and similarly for the other sets.

Vice versa one can show by induction on $\le$ that:

(1) $B \le A$ and $B \in \mathcal{E}_\Omega$ imply $A \in \mathcal{E}_\Omega$;

(2) $B \le A$ and $B \in \mathcal{G}_\iota$ imply $A \in \mathcal{G}_\iota$;

(3) $B \le A$ and $A \in \mathcal{L}_\iota$ imply $B \in \mathcal{L}_\iota$;

(4) $B \le A$ and $B \in \mathcal{G}_\tau$ imply $A \in \mathcal{G}_\tau$.

We consider just the case of application of rule ($\eta$) for $B \in \mathcal{G}_\tau$. Let $A = A' \to A''$, $B = B' \to B''$ and let the judgment $B \le A$ be obtained by applying rule ($\eta$) from the premises $A' \le B'$ and $B'' \le A''$. Since $B \in \mathcal{G}_\tau$, it must hold $B' \in \mathcal{L}_\iota$ and $B'' \in \mathcal{G}_\iota$. By (3) and (2) we obtain $A' \in \mathcal{L}_\iota$ and $A'' \in \mathcal{G}_\iota$, hence $A$ belongs to $\mathcal{G}_\tau$. □

The next lemma ensures that the types $\alpha_i$, $\beta_i$, $\gamma_i$ are not equivalent when $\omega_i \not\sim \Omega$.

Lemma 5. If $\omega_i \not\sim \Omega$ then $\gamma_i \not\le \beta_i \not\le \alpha_i \not\le \gamma_i$.

Proof. We prove 7 ^ Pi ^v" contradiction. By Theorem 1 7 ^ <^" Pi 

holds iff Pi <v" oti, since 7 * ^ Pi, P^ ~v" 7 i ^ and 7 !^" t7 

by Lemma 4(1). So it is sufficient to prove $\beta_i \not\le \alpha_i$. Since $\alpha_i \sim (\gamma_i \to \alpha_i) \cap (\beta_i \to \tau \to \omega_i)$, we are done if we can prove that it is impossible to have $\beta_i \le \beta_i \to \tau \to \omega_i$, that is $\gamma_i \to \alpha_i \le \beta_i \to \tau \to \omega_i$. By Theorem 1, being $\omega_i \not\sim \Omega$, this judgment is equivalent to the pair of judgments $\beta_i \le \gamma_i$, $\alpha_i \le \tau \to \omega_i$. Consider this last judgment, that is equivalent to $(\gamma_i \to \alpha_i) \cap (\beta_i \to \tau \to \omega_i) \le \tau \to \omega_i$. By Theorem 1, it should hold $\tau \le \gamma_i$, which is impossible by Lemma 4(4), since $\gamma_i \notin \mathcal{G}_\tau$.
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
³ The symbols $\mathcal{E}_\Omega$, etc. are overloaded, since they were used already in the proof of Lemma 2 and they will be used in Section 5, but no confusion can arise, since it is always clear from the context which eitt we are considering.
Finally we prove Q 7*- contradiction Q <<^" 7 i, by Theorem 1 (since 
li ~v" 7i A and A Av" ^)y Lemma 4(1)), there exists H <Z K such that 
li <v" C\h(^HQh and <v" A, which implies 7* <v" Pi- This is a 

contradiction by above. □ 

The definition of the eitt is tailored so that, as far as constants are concerned, $\omega_3$ can receive just $\alpha$'s, and hence $\beta$, $\gamma$, and $\Omega$, but not $\iota$.

Lemma 6. Let $\varphi \in \mathcal{C}$, then $\vdash \omega_3 : \varphi$ iff $\alpha_i \le \varphi$ for some $i$. Moreover $\nvdash \omega_3 : \tau$.

Proof. We know, from Theorem 3(4), that

We show:

(1) $\vdash \omega_3 : \alpha_i$ for all $i$; (2) $\nvdash \omega_3 : \tau$.

(1) Since $\alpha_i \sim (\gamma_i \to \alpha_i) \cap (\beta_i \to \tau \to \omega_i)$, by Lemma 3(1), it is sufficient to prove that $\gamma_i \le \gamma_i \to \gamma_i \to \alpha_i$ and $\beta_i \le \beta_i \to \beta_i \to \tau \to \omega_i$. The first judgment is immediate by the equivalences in $\nabla$ on $\gamma_i$ and $\beta_i$. The second one follows by using rule ($\eta$) twice:

$\beta_i \le \gamma_i \to \alpha_i$

$\le \gamma_i \to \beta_i \to \tau \to \omega_i$ (since $\alpha_i \le \beta_i \to \tau \to \omega_i$)

$\le \beta_i \to \beta_i \to \tau \to \omega_i$ (since $\beta_i \le \gamma_i$).

(2) If $\vdash \omega_3 : \tau$, then by Lemma 3(1), it should be $\iota \le \iota \to \iota \to \iota$, which is impossible by Lemma 4(2). □

Lemma 7.

1. If $\bigcap_{i \in I} \alpha_i \le A \to B \to C$ and $\vdash \omega_3 : B$ then there is $J \subseteq I$ such that $\bigcap_{i \in J} \alpha_i \le B \to C$.

2. If $A \le A \to A \to B$ and $\vdash \omega_3 : A$ then there are $I$, $\alpha_i \in \mathcal{C}$, and $n$ such that $C \le C \to C \to A^n \to B$, where $C = \bigcap_{i \in I} \alpha_i$.

Proof. (1) The case $C \sim \Omega$ is trivial. Otherwise by Theorem 1 from $\bigcap_{i \in I} \alpha_i \le A \to B \to C$ we get $(\bigcap_{i \in J} \alpha_i) \cap (\bigcap_{i \in H}(\tau \to \omega_i)) \le B \to C$ for some $J, H \subseteq I$, since $\alpha_i \sim (\gamma_i \to \alpha_i) \cap (\beta_i \to \tau \to \omega_i)$. It is impossible to have $B \le \tau$, since this implies $\vdash \omega_3 : \tau$, which contradicts Lemma 6. So, by Theorem 1 it must hold $\bigcap_{i \in J} \alpha_i \le B \to C$.

(2) The case $B \sim \Omega$ is trivial. Otherwise the proof is by induction on $\#(A)$. Notice that $A$ is functional by Theorem 3(4).

If $\#(A) = 0$, then $A$ is an intersection of constants which cannot contain $\iota$. Thus we have $A = \bigcap_{i \in J} \psi_i$ such that $\psi_i$ is $\alpha$, $\beta$, $\gamma$, or $\Omega$, for all $i \in J$ (notice that
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we cannot have $\psi_i = \Omega$ for all $i \in J$ by Lemma 4(1) since $A \to A \to B \notin \mathcal{E}_\Omega$ when $B \not\sim \Omega$). Consider now the type $C$ obtained from $A$ by replacing every constant $\beta_i$ and $\gamma_i$ occurring in $A$ with $\alpha_i$. By Lemma 6 $\vdash \omega_3 : C$. Moreover $C \le A$, hence $C \le C \to C \to B$. The type $C$ has the required shape since by construction $C = \bigcap_{i \in I} \alpha_i$ where $I = \{i \in J \mid \psi_i \not\sim \Omega\}$, hence the thesis is satisfied (in this case $n = 0$).

Let us suppose now $\#(A) > 0$. Then, by Lemma 2, there exist $J$, $D_j$, $E_j$ such that $\bigcap_{j \in J}(D_j \to E_j) \sim A$ and moreover $\#(\bigcap_{j \in J}(D_j \to E_j)) = \#(A)$. By Theorem 1, from $\bigcap_{j \in J}(D_j \to E_j) \le A \to A \to B$ there exists $H \subseteq J$ such that $A \le \bigcap_{j \in H} D_j$ and $\bigcap_{j \in H} E_j \le A \to B$. Let $D = \bigcap_{j \in H} D_j$. Since $\vdash \omega_3 : A$, it follows by ($\le$) $\vdash \omega_3 : D$. By the same reason, for all $j \in H$, $\vdash \omega_3 : D_j \to E_j$. Hence, by Lemma 3(1), it follows, for all $j \in H$, $D_j \le D_j \to D_j \to E_j$, which implies $\bigcap_{j \in H} D_j \le \bigcap_{j \in H}(D_j \to D_j \to E_j)$. Using ($\to$-$\cap$) and ($\eta$) we obtain $D \le D \to D \to \bigcap_{j \in H} E_j$, which implies $D \le D \to D \to A \to B$. Since $\#(D) < \#(A)$, we can now apply the inductive hypothesis and deduce that there exist $C = \bigcap_{i \in I} \alpha_i$ and $n$ such that $C \le C \to C \to D^n \to A \to B$, which implies $C \le C \to C \to A^{n+1} \to B$, since $A \le D$. □

Lastly we can prove the second main theorem.

Theorem 8.

The filter model $\langle \mathcal{F}, \cdot, [\![\ ]\!]\rangle$ is not trivial and $[\![M]\!] = [\![\omega_3\omega_3 I]\!]$.

Proof. The model is not trivial since it is easy to derive $\vdash I : \tau$ while $\nvdash \omega_3 : \tau$ by Lemma 6.

($\subseteq$) By Lemma 6 we have $\vdash \omega_3 : \alpha_i$ for all $i$, hence, by ($\le$), $\vdash \omega_3 : \beta_i$ and $\vdash \omega_3 : \beta_i \to \tau \to \omega_i$. By rule ($\to$E) it follows $\vdash \omega_3\omega_3 : \tau \to \omega_i$. Since $\vdash I : \tau$, we conclude by rule ($\to$E) $\vdash \omega_3\omega_3 I : \omega_i$ for all $i$, which implies $[\![M]\!] \subseteq [\![\omega_3\omega_3 I]\!]$.

($\supseteq$) Let $B \in [\![\omega_3\omega_3 I]\!]$. The only interesting case is $B \not\sim \Omega$. We get $\vdash \omega_3\omega_3 I : B$ and by Lemma 3(2), there exist $A, Q$ such that $A \le A \to A \to Q \to B$ and $\vdash \omega_3 : A$. By Lemma 7(2) there are $I$, $\alpha_i \in \mathcal{C}$, and $n$ such that $C \le C \to C \to A^n \to Q \to B$, where $C = \bigcap_{i \in I} \alpha_i$. Applying $n + 1$ times Lemma 7(1) we get $\bigcap_{i \in J} \alpha_i \le D \to Q \to B$ for some $J \subseteq I$, where $D = C$ if $n = 0$ and $D = A$ otherwise. By Theorem 1 this gives $(\bigcap_{i \in H} \alpha_i) \cap (\bigcap_{i \in K}(\tau \to \omega_i)) \le Q \to B$ for some $H, K \subseteq J$, being $\alpha_i \sim (\gamma_i \to \alpha_i) \cap (\beta_i \to \tau \to \omega_i)$. Let $L = \{i \in H \mid \omega_i \sim \Omega\}$. Since, by Lemma 5, $\omega_i \not\sim \Omega$ implies $Q \not\le \gamma_i, \beta_i$, if we apply Theorem 1 to $(\bigcap_{i \in H} \alpha_i) \cap (\bigcap_{i \in K}(\tau \to \omega_i)) \le Q \to B$ we have that there exist $L' \subseteq L$ and $K' \subseteq K$ such that $(\bigcap_{i \in L'} \alpha_i) \cap (\bigcap_{i \in K'} \omega_i) \le B$. Notice that $\omega_i \sim \Omega$ gives $\alpha_i \sim \alpha_i \to \alpha_i$. The proof by structural induction on terms that $\{x : A \mid x \in FV(N)\} \vdash N : A$ whenever $A \sim A \to A$ is easy. This implies $\vdash M : \alpha_i$ being $M$ closed, i.e. $\alpha_i \in [\![M]\!]$ for all $i \in L'$. Moreover by construction $\omega_i \in [\![M]\!]$ for all $i \in K'$. Since $[\![M]\!]$ is a filter, $(\bigcap_{i \in L'} \alpha_i) \cap (\bigcap_{i \in K'} \omega_i)$ is in it, hence $B$ too. □
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5 Extensional Models

In this section we will show how to modify the model construction of the previous sections in order to obtain extensional filter models. In this way we will prove the consistency of $\lambda\beta\eta + \{\omega_2\omega_2 = M\}$ and of $\lambda\beta\eta + \{\omega_3\omega_3 I = M\}$.

5.1 Consistency of $\lambda\beta\eta + \{\omega_2\omega_2 = M\}$

If in Definition 8 we put:

- $\mathcal{C}_0 = \{\Omega, \chi\}$;

- $\nabla_1 = \nabla_0 \cup \{\chi \sim \Omega \to \chi\}$;

we obtain a new eitt. By Theorem 4, $\langle \mathcal{F}, \cdot, [\![\ ]\!]\rangle$ is an extensional $\lambda$-model. It is essentially the model of [20].

In this eitt the type $\chi$ plays the role of $\iota$ in the eitt of Definition 8. So instead of Lemma 2 we need:

Lemma 8.

$\nvdash \omega_2 : \chi$ and $\nvdash \omega_2 : (\chi \to \chi) \to \chi \to \chi$.

Proof. Define the set $\mathcal{E}_\Omega$ as the minimal set such that:

$\Omega \in \mathcal{E}_\Omega$; $A \in T, B \in \mathcal{E}_\Omega \Rightarrow A \to B \in \mathcal{E}_\Omega$;

$A, B \in \mathcal{E}_\Omega \Rightarrow A \cap B \in \mathcal{E}_\Omega$; $\omega_i \in \mathcal{E}_\Omega \Rightarrow \zeta_i \in \mathcal{E}_\Omega$.

It is easy to check by induction on $\le$ that for all $A \in T$:

$B \le A$ and $B \in \mathcal{E}_\Omega$ imply $A \in \mathcal{E}_\Omega$.

This implies that $\Omega \not\le \chi$ since $\Omega \in \mathcal{E}_\Omega$ and $\chi \notin \mathcal{E}_\Omega$.

Suppose by contradiction that $\vdash \omega_2 : \chi$, i.e. $\vdash \omega_2 : \Omega \to \chi$; we get $\Omega \le \Omega \to \chi \sim \chi$ by Lemma 1(1).

Similarly from $\vdash \omega_2 : (\chi \to \chi) \to \chi \to \chi$ by Lemma 1(1) we get $\chi \to \chi \le (\chi \to \chi) \to (\chi \to \chi)$, which implies by Theorem 1 $\chi \to \chi \le \chi$. Applying again Theorem 1 to this last judgment we get $\Omega \le \chi$. □

The model $\langle \mathcal{F}, \cdot, [\![\ ]\!]\rangle$ is not trivial since it is easy to derive $\vdash I : (\chi \to \chi) \to \chi \to \chi$ while $\nvdash \omega_2 : (\chi \to \chi) \to \chi \to \chi$ by Lemma 8. The proof that this model equates $\omega_2\omega_2$ and $M$ is just the proof of Theorem 6 using Lemma 8 instead of Lemma 2.
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5.2 Consistency of $\lambda\beta\eta + \{\omega_3\omega_3 I = M\}$

If in Definition 9 we put:

- $\mathcal{C}_0 = \{\Omega, \sigma, \tau\}$;

- $\nabla_1 = \nabla_0 \cup \{\sigma \sim \tau \to \sigma,\ \tau \sim \sigma \to \sigma\}$;

and we erase the condition $\tau = \iota \to \iota$, we obtain a new eitt. Notice that in this case it is not possible to start from a simpler theory built on just two constants, say $\Omega$ and $\chi$, as in the case of Section 5.1. If $\mathcal{C}_0$ contains only two constants, we are forced to define $\tau = \chi \to \chi$. Whatever equivalence we choose to make each constant equivalent to a suitable intersection of arrows, we derive type $\tau$ for $\omega_3$, which contradicts Lemma 10(2) below.

By Theorem 4, $\langle \mathcal{F}, \cdot, [\![\ ]\!]\rangle$ is an extensional $\lambda$-model. We prove that this model equates $\omega_3\omega_3 I$ to $M$ just mimicking the same proof for the model of Section 4.

First we introduce five subsets of $T$, whose meaning is the following:

1. $\mathcal{E}_\Omega$ is the set of all types which are equivalent to $\Omega$;

2. $\mathcal{G}_\sigma$ is the set of all types which are greater than or equivalent to $\sigma$;

3. $\mathcal{L}_\sigma$ is the set of all types which are less than or equivalent to $\sigma$;

4. $\mathcal{G}_\tau$ is the set of all types which are greater than or equivalent to $\tau$;

5. $\mathcal{L}_\tau$ is the set of all types which are less than or equivalent to $\tau$.

Definition 11. The sets $\mathcal{E}_\Omega$, $\mathcal{G}_\sigma$, $\mathcal{L}_\sigma$, $\mathcal{G}_\tau$, $\mathcal{L}_\tau$ are defined as the minimal sets such that:

$\Omega \in \mathcal{E}_\Omega$; $A \in T, B \in \mathcal{E}_\Omega \Rightarrow A \to B \in \mathcal{E}_\Omega$; $A, B \in \mathcal{E}_\Omega \Rightarrow A \cap B \in \mathcal{E}_\Omega$;

$\sigma \in \mathcal{G}_\sigma$; $\mathcal{E}_\Omega \subseteq \mathcal{G}_\sigma$; $A \in \mathcal{L}_\tau, B \in \mathcal{G}_\sigma \Rightarrow A \to B \in \mathcal{G}_\sigma$; $A, B \in \mathcal{G}_\sigma \Rightarrow A \cap B \in \mathcal{G}_\sigma$;

$\sigma \in \mathcal{L}_\sigma$; $A \in \mathcal{G}_\tau, B \in \mathcal{L}_\sigma \Rightarrow A \to B \in \mathcal{L}_\sigma$; $A \in T, B \in \mathcal{L}_\sigma \Rightarrow A \cap B, B \cap A \in \mathcal{L}_\sigma$;

$\tau \in \mathcal{G}_\tau$; $\mathcal{E}_\Omega \subseteq \mathcal{G}_\tau$; $A \in \mathcal{L}_\sigma, B \in \mathcal{G}_\sigma \Rightarrow A \to B \in \mathcal{G}_\tau$; $A, B \in \mathcal{G}_\tau \Rightarrow A \cap B \in \mathcal{G}_\tau$;

$\tau \in \mathcal{L}_\tau$; $A \in \mathcal{G}_\sigma, B \in \mathcal{L}_\sigma \Rightarrow A \to B \in \mathcal{L}_\tau$; $A \in T, B \in \mathcal{L}_\tau \Rightarrow A \cap B, B \cap A \in \mathcal{L}_\tau$. □

Similarly to Lemma 4 we can easily show:

Lemma 9.

1. $\mathcal{E}_\Omega = \{A \in T \mid \Omega \le A\}$;

2. $\mathcal{G}_\sigma = \{A \in T \mid \sigma \le A\}$; 4. $\mathcal{G}_\tau = \{A \in T \mid \tau \le A\}$;

3. $\mathcal{L}_\sigma = \{A \in T \mid A \le \sigma\}$; 5. $\mathcal{L}_\tau = \{A \in T \mid A \le \tau\}$.

From the previous lemma we immediately have that $\sigma$ and $\tau$ are incomparable:

Corollary 1. $\sigma \not\le \tau$ and $\tau \not\le \sigma$.

In correspondence with Lemmas 5, 6, 7 we have: 



⁴ Remark that $\tau = \iota \to \iota$ in the eitt of Section 4, while $\tau$ is an atom in the present one. We use the same name since this allows us to have the same definition of $\alpha_{(n,m)}$.
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Lemma 10.

1. If $\omega_i \not\sim \Omega$ then $\gamma_i \not\le \beta_i \not\le \alpha_i \not\le \gamma_i$.

2. Let $\varphi \in \mathcal{C}$, then $\vdash \omega_3 : \varphi$ iff $\alpha_i \le \varphi$ for some $i$.

3. If $\bigcap_{i \in I} \alpha_i \le A \to B \to C$ and $\vdash \omega_3 : B$ then there is $J \subseteq I$ such that $\bigcap_{i \in J} \alpha_i \le B \to C$.

4. If $A \le A \to A \to B$ and $\vdash \omega_3 : A$ then there are $I$, $\alpha_i \in \mathcal{C}$, and $n$ such that $C \le C \to C \to A^n \to B$, where $C = \bigcap_{i \in I} \alpha_i$.

Proof. Almost all proofs are the same as those of the corresponding lemmas in Section 4, by using Lemma 9 instead of Lemma 4. We only need to prove:

(a) $\nvdash \omega_3 : \tau$; (b) $\nvdash \omega_3 : \sigma$.

(a) If $\vdash \omega_3 : \tau \sim \sigma \to \sigma$, then by Lemma 3(1), it should be $\sigma \le \sigma \to \sigma \to \sigma$, which implies $\tau \to \sigma \le \sigma \to \tau$. In particular, by Theorem 1, being $\tau \not\sim \Omega$ by Lemma 9(1), it should be $\sigma \le \tau$, which is impossible by Corollary 1.

(b) is proven similarly to the previous point. If $\vdash \omega_3 : \sigma \sim \tau \to \sigma$, it should hold $\tau \le \tau \to \tau \to \sigma$. Since $\tau \sim \sigma \to \sigma$, this should imply $\tau \le \sigma$, which is impossible by Corollary 1. □

The model $\langle \mathcal{F}, \cdot, [\![\ ]\!]\rangle$ is not trivial since it is easy to derive $\vdash I : \tau$ while $\nvdash \omega_3 : \tau$ by the proof of Lemma 10(2). The proof that this model equates $\omega_3\omega_3 I$ and $M$ is just the proof of Theorem 8 using Lemma 10 instead of Lemmas 5, 6, 7.
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Abstract. We present a new proof of confluence of the untyped lambda calculus by reducing the confluence of $\beta$-reduction in the untyped lambda calculus to the confluence of $\beta$-reduction in the simply typed lambda calculus. This is achieved by embedding untyped lambda terms into simply typed lambda terms. Using this embedding, an auxiliary reduction, and $\beta$-reduction on simply typed lambda terms we define a new reduction on all lambda terms. The transitive closure of the reduction defined is $\beta$-reduction on all lambda terms. This embedding allows us to use the confluence of $\beta$-reduction on simply typed lambda terms and thus prove the confluence of the reduction defined. As a consequence we obtain the confluence of $\beta$-reduction in the untyped lambda calculus.



1 Introduction 

The main axiom of lambda calculus is the axiom of $\beta$-reduction. The well-known scheme of one step $\beta$-reduction is

$(\lambda x.M)N \to_\beta M[x := N]$,

whereas $\beta$-reduction $\twoheadrightarrow_\beta$ is the reflexive transitive closure of $\to_\beta$.

The Church-Rosser property or confluence is a fundamental property that holds for $\beta$-reduction, $\twoheadrightarrow_\beta$, in the untyped lambda calculus. It states that if

$M_1 \ {}_\beta\!\twoheadleftarrow M \twoheadrightarrow_\beta M_2$

for any $M$, $M_1$, and $M_2$, then

$M_1 \twoheadrightarrow_\beta M_3 \ {}_\beta\!\twoheadleftarrow M_2$

for some lambda term $M_3$. There are various approaches and proofs of this property (Barendregt [1], Koletsos and Stavrinos [8], Pfenning [13], Takahashi [16], van Oostrom [17]).

In order to prove the confluence of $\twoheadrightarrow_\beta$ it suffices to prove the confluence of any relation whose transitive closure is $\twoheadrightarrow_\beta$. Unfortunately, one step $\beta$-reduction $\to_\beta$ is not confluent. If

$M_1 \ {}_\beta\!\leftarrow M \to_\beta M_2$,

then

$M_1 \twoheadrightarrow_\beta M_3 \ {}_\beta\!\twoheadleftarrow M_2$

A. Restivo, S. Ronchi Della Rocca, L. Roversi (Eds.): ICTCS 2001, LNCS 2202, pp. 38—49, 2001. 
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for some $M_3$, which is referred to as the weak Church-Rosser property or local confluence. It does not necessarily mean that $M_1 \to_\beta M_3 \ {}_\beta\!\leftarrow M_2$, since the contraction of one redex may duplicate others. Due to the possibility of infinite reduction sequences in the untyped lambda calculus, the confluence cannot be inferred immediately from the local confluence. It is well-known according to Newman's lemma (Newman [12]) that local confluence implies confluence on the set of strongly normalizing lambda terms.

The way to proceed is to find a confluent relation $\to_I$ such that

$\to_\beta \subseteq \to_I \subseteq \twoheadrightarrow_\beta$.

Then the transitive closure of $\to_I$ is $\twoheadrightarrow_\beta$, hence the confluence of $\twoheadrightarrow_\beta$ follows immediately.

Although an elementary inductive definition of $\to_I$ is possible, it is not quite clear how to find it. Instead, a deeper understanding of the proof of confluence can be obtained by considering $\to_I$ as an image of a strongly normalizing relation on a different set of lambda terms. This idea is realized in Barendregt [1] by $\beta_0$-reduction on the set of marked lambda terms, which is referred to as the finiteness of developments. In Takahashi [16] the notion of parallel reduction is introduced for the same reason. In Koletsos and Stavrinos [8] this idea is achieved by embedding untyped lambda terms into terms typeable with intersection types, which are known to be strongly normalizing.

The central idea of this paper is to reduce the confluence of $\beta$-reduction in the untyped lambda calculus to the confluence of $\beta$-reduction in the simply typed lambda calculus. For that reason we construct an embedding of untyped lambda terms into simply typed lambda terms. We define the required reduction $\to_I$ on all lambda terms using this embedding, an auxiliary reduction, and $\beta$-reduction on simply typed lambda terms. We show that the transitive closure of $\to_I$ is $\twoheadrightarrow_\beta$. The confluence of the auxiliary reduction makes explicit the joining of the sets of redexes to be reduced. This embedding allows us to use the confluence of $\twoheadrightarrow_\beta$ on simply typed lambda terms and thus prove the confluence of $\to_I$. As a consequence we obtain the confluence of $\twoheadrightarrow_\beta$ in the (untyped) lambda calculus.

Section 2 contains the outline of our proof as well as of the proof of confluence presented in Barendregt [1]. In order to keep the work self-contained the notion of simple types and simply typed lambda calculus is presented in Section 3. In Section 4 we define the embedding of (untyped) lambda terms into simply typed ones, the auxiliary reduction on simply typed lambda terms and the required reduction $\to_I$ on lambda terms. In Section 5 the relation between reductions in simply typed lambda calculus is considered. In Section 6 the investigation of the properties of $\to_I$ leads to the confluence of $\beta$-reduction in the untyped lambda calculus.



40 



Silvia Ghilezan and Viktor Kuncak 



2 Outline of the Proof 

The proof of the Church-Rosser theorem for untyped lambda calculus in Barendregt [1] can be represented by the diagram in Figure 1. Let $\Lambda$ denote the set of all (untyped) lambda terms. The set $\Lambda'$ of marked lambda terms is defined in Barendregt [1].

Definition 2.1. (i) $\Lambda = Var \mid \lambda Var.\Lambda \mid \Lambda\Lambda$, the set of all lambda terms.

(ii) $\Lambda' = Var \mid \lambda Var.\Lambda' \mid \Lambda'\Lambda' \mid (\lambda_0 Var.\Lambda')\Lambda'$, the set of marked lambda terms.

A redex of the form $(\lambda_0 x.M)N$ is called a marked redex. Note that a lambda abstraction may be marked only if it is a part of a redex. The notion of $\beta_0$-reduction is defined as a process of contracting only marked redexes.

Definition 2.2. $\beta_0 = \{((\lambda_0 x.M)N,\ M[x := N]) \mid M, N \in \Lambda'\}$.

In Figure 1 an arrow from $M$ to $N$ means that the term $N$ is obtained from $M$ by marking a lambda abstraction in one of the redexes in $M$, and the double arrow is its transitive closure. The relation $\to_I$ is defined as the composition of marking, $\twoheadrightarrow_{\beta_0}$, and the erasing of marks.



[Figure 1 not reproduced.]

Fig. 1. Proof of the confluence of $\to_I$ using $\beta_0$-reduction (in the interior part of the diagram the arrow $\to$ denotes $\twoheadrightarrow$ in the standard lambda calculus terminology)
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The point of introducing $\beta_0$-reduction is that no "new" redexes are created during the reduction since in the substitution $M[x := N]$ the term $N$ can be an already existing marked redex, but it can never be a marked lambda abstraction, as we noticed previously. A consequence of this is that $\beta_0$-reduction is strongly normalizing, i.e. there are no infinite sequences of $\beta_0$-reductions. This is proved in Barendregt [1] using an ordering on marked lambda terms. Also, $\beta_0$-reduction is proved to be locally confluent and then altogether, by Newman's Lemma (Newman [12]), it follows that $\beta_0$-reduction is confluent on marked lambda terms. This result then leads to the confluence of $\to_I$ and consequently of $\beta$-reduction.



[Figure 2 not reproduced.]

Fig. 2. Proof of the confluence of $\to_I$ using an embedding in $\lambda\!\to$ (in the interior part of the diagram the arrow $\to$ denotes $\twoheadrightarrow$ in the standard lambda calculus terminology)



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Our proof has the structure presented by the diagram in Figure 2. The embedding $\Psi$ maps untyped terms into terms in the simply typed lambda calculus using constants $f$ and $g$ that can be thought of as a retraction pair used in the interpretation of the simply typed lambda calculus (see Scott [14], Wadsworth [19], and Meyer [10]). From the syntactical point of view $\Psi$ blocks all applications. Therefore $\Psi$ blocks all redexes as well, replacing $(\lambda x.M)N$ by $f(g(\lambda x.M))N$. The notion of $o$-reduction ($\to_o$) is introduced to play an analogous role to the lambda abstraction marking: it replaces a blocked redex $f(g(\lambda x.M))N$ by the unblocked redex $(\lambda x.M)N$ and leaves other applications which are not redexes blocked. In this case ordinary $\beta$-reduction in the simply typed lambda calculus will play a similar role to $\beta_0$-reduction on marked lambda terms, due to the fact that $\beta$-reduction is confluent on simply typed lambda terms. The relation $\to_I$ is defined to be an inverse image of $\beta$-reduction. It is proved that $\to_I$ has all the required properties according to which $\beta$-reduction is proved to be confluent on (untyped) lambda terms.

3 Simply Typed Lambda Calculus 

The notion of simple types and the notion of simply typed lambda calculus $\lambda\!\to$ are formulated in a suitable way. All types are generated from a basic type $0$ in the usual way.

Definition 3.1. The set $type$ of types is defined as follows.

$type = 0 \mid type \to type$

A type assignment is an expression of the form $M : \varphi$, where $M \in \Lambda$ and $\varphi \in type$. A context $\Gamma$ is a set $\{x_1 : \sigma_1, \ldots, x_n : \sigma_n\}$ of type assignments with different term variables.

Definition 3.2 (Type assignment system $\lambda\!\to$).

The type assignment $P : \varphi$ is derivable from the context $\Gamma$ in $\lambda\!\to$, notation $\Gamma \vdash P : \varphi$, if $\Gamma \vdash P : \varphi$ can be generated by the following axiom-scheme and rules.




The crucial point of our proof is the confluence of $\twoheadrightarrow_\beta$ in $\lambda\!\to$. This is proved by Newman's Lemma since $\beta$-reduction is locally confluent and the set of simply typed lambda terms is strongly normalizing. There are direct proofs of this property using reducibility arguments and logical relations in Koletsos [7], Statman [15], and Mitchell [11].

Theorem 3.3 (Confluence of $\twoheadrightarrow_\beta$ in $\lambda\!\to$).

The reduction $\twoheadrightarrow_\beta$ is confluent on simply typed lambda terms.
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4 Embedding of Lambda Terms into Simply Typed Terms

In order to construct the embedding of lambda terms into simply typed terms we will point out two predefined constants $f$ and $g$. Hereafter we implicitly assume that untyped lambda terms from $\Lambda$ do not contain the constants $f$ and $g$. The set of terms typeable by the basic type $0$ in the simply typed lambda calculus with the predefined constants $f$ and $g$ will be denoted by $\Lambda_0$.

Definition 4.1. (i) $\Gamma_0 = \{f : 0 \to (0 \to 0),\ g : (0 \to 0) \to 0\}$.

(ii) $\Lambda_0 = \{M \in \Lambda \mid (\exists x_1, \ldots, x_n)\ \Gamma_0, x_1 : 0, \ldots, x_n : 0 \vdash M : 0\}$.

The idea is to show that terms in the interior region of diagram 2, i.e. all terms but $M$, $P$, $Q$, and $R$, are terms typeable by type $0$ in the simply typed lambda calculus with predefined constants $f$ and $g$, namely that they belong to $\Lambda_0$.

Note that some of our definitions are stated on more general sets of lambda terms than needed. This makes it simple to immediately check their validity. Later propositions will make the intended domains clear.

The embedding $\Psi : \Lambda \to \Lambda_0$ that allows the representation of arbitrary untyped terms in the simply typed lambda calculus is defined as follows.

Definition 4.2. (i) $\Psi(x) = x$.

(ii) $\Psi(MN) = f\Psi(M)\Psi(N)$.

(iii) $\Psi(\lambda x.M) = g(\lambda x.\Psi(M))$.

It is straightforward to verify that $\Psi : \Lambda \to \Lambda_0$.

Proposition 4.3. $(\forall P \in \Lambda)\ \Psi(P) \in \Lambda_0$.

Proof. By induction on the construction of the term $P$.

Case $P = x$. Clearly, $\Gamma_0, x : 0 \vdash x : 0$.

Case $P = MN$. By the induction hypothesis $\Gamma_0, x_1 : 0, \ldots, x_n : 0 \vdash \Psi(M) : 0$ and $\Gamma_0, y_1 : 0, \ldots, y_m : 0 \vdash \Psi(N) : 0$. Since $f : 0 \to (0 \to 0) \in \Gamma_0$, we have

$\Gamma_0, z_1 : 0, \ldots, z_k : 0 \vdash f\Psi(M)\Psi(N) : 0$,

where $\{z_1, \ldots, z_k\} = \{x_1, \ldots, x_n, y_1, \ldots, y_m\}$.

Case $P = (\lambda x.M)$. By the induction hypothesis $\Gamma_0, x : 0, x_1 : 0, \ldots, x_n : 0 \vdash \Psi(M) : 0$. Therefore, $\Gamma_0, x_1 : 0, \ldots, x_n : 0 \vdash (\lambda x.\Psi(M)) : 0 \to 0$. Since $g : (0 \to 0) \to 0 \in \Gamma_0$, it follows that $\Gamma_0, x_1 : 0, \ldots, x_n : 0 \vdash g(\lambda x.\Psi(M)) : 0$.

This was the idea behind the definition of $\Psi$ and it will allow us to use the confluence of $\beta$-reduction in the simply typed lambda calculus. Obviously, $f$ and $g$ act as a retraction pair for a Scott domain (see Scott [14]).

Next we define the $o$-relation which induces the auxiliary reduction $\to_o$. This corresponds to the marking of lambda abstractions that are parts of already existing redexes.
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Definition 4.4. $o = \{(f(g(\lambda x.M))N,\ (\lambda x.M)N) \mid M, N \in \Lambda\}$.

As usual, $\to_o$ is the congruent closure of $o$ and $\twoheadrightarrow_o$ is the reflexive transitive closure of $\to_o$. We use the term unblocked redex to denote a $\beta$-redex and we refer to a term of the form $f(g(\lambda x.M))N$ as a blocked redex. Hence, $\Psi$ blocks all applications (including redexes) and $o$-reduction turns blocked redexes into unblocked redexes leaving blocked applications which are not redexes.

Proposition 4.5. (i) $\Lambda_0$ is closed under $\twoheadrightarrow_\beta$.
(ii) $\Lambda_0$ is closed under $\to_o$.

Proof. (i) Easy, since subject reduction holds in $\lambda\!\to$.

(ii) Let $P \in \Lambda_0$ and $P \to_o Q$, where $R = f(g(\lambda x.M))N \to_o (\lambda x.M)N$ is the contracted $o$-redex in $P$. Then $\Gamma_0, \Gamma \vdash P : 0$. According to the types of $f$ and $g$ we obtain that $\Gamma_0, \Gamma \vdash R : 0$. By the typeability of subterms (see Barendregt [2]), it follows that $\Gamma_0, \Gamma \vdash (\lambda x.M) : 0 \to 0$ and $\Gamma_0, \Gamma \vdash N : 0$. This implies $\Gamma_0, \Gamma \vdash (\lambda x.M)N : 0$. This means that the resulting term $Q$ remains well-typed with the type $0$.

Example 4.6. Let $\Omega = (\lambda x.xx)(\lambda x.xx)$. Then

$\Psi(\Omega) = f(g(\lambda x.fxx))(g(\lambda x.fxx))$.

Let $N = (\lambda x.fxx)(g(\lambda x.fxx))$. Observe that $\Psi(\Omega)$ has no $\beta$-redexes, whereas $N$ has no $o$-redexes. However, there is an infinite reduction

$\Psi(\Omega) \to_o N \to_\beta \Psi(\Omega) \to_o N \to_\beta \ldots$

which corresponds to the $\beta$-reduction $\Omega \to_\beta \Omega \to_\beta \Omega \to_\beta \ldots$ in the untyped lambda calculus. In this way, the combination of $\beta$- and $o$-reduction enables us to simulate infinite $\beta$-reductions of untyped lambda terms in $\lambda\!\to$.

Proposition 4.7 (Confluence of $\to_o$).

If $M_1 \ {}_o\!\leftarrow M \to_o M_2$, then there is $M_3$ such that $M_1 \to_o M_3 \ {}_o\!\leftarrow M_2$.

Proof. If $M_1$ has an unblocked redex $\Delta_1$ and $M_2$ has an unblocked redex $\Delta_2$, then $M_3$ has both redexes $\Delta_1$ and $\Delta_2$ unblocked. (In terms of term-rewriting systems, there are no critical pairs because any two $o$-redexes are either properly contained one in the other or are in disjoint parts of the term, see Dershowitz and Jouannaud [3].)

The previous proposition is even more obvious in terms of redex marking: if $M_1$ and $M_2$ are obtained by marking different redexes in $M$, then $M_3$ has marked redexes from both $M_1$ and $M_2$.

Corollary 4.8 (Confluence of $\twoheadrightarrow_o$).

If $M_1 \ {}_o\!\twoheadleftarrow M \twoheadrightarrow_o M_2$, then there is $M_3$ such that $M_1 \twoheadrightarrow_o M_3 \ {}_o\!\twoheadleftarrow M_2$.

Proof. From Proposition 4.7 by simple diagram chasing.
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Following the idea that $\to_I$ has to be an image of a strongly normalizing relation, we are now in the position to define the required relation $\to_I$ on untyped lambda terms. A relation, say $\tau$, between untyped lambda terms and terms typeable in $\lambda\!\to$ can be established in the following way: first, $\Psi$ turns untyped terms from $\Lambda$ into terms from $\Lambda_0$ and then $\twoheadrightarrow_o$ unblocks some redexes (the effects analogous to marking lambda terms are achieved). The relation $\to_I$ is then defined as an inverse image w.r.t. $\tau$ of $\beta$-reduction in $\lambda\!\to$.

Definition 4.9 (Reduction $\to_I$).

(i) $\tau = \Psi \circ \twoheadrightarrow_o$.

(ii) $\to_I = \tau \circ \twoheadrightarrow_\beta \circ \tau^{-1}$, and it corresponds to the following diagram.



Example 4.10. Let $M = (\lambda x.xy)(\lambda z.z)$ and $N = (\lambda z.z)y$. Then

$\Psi(M) = f(g(\lambda x.fxy))(g(\lambda z.z)) \to_o M_0 = (\lambda x.fxy)(g(\lambda z.z))$.

Therefore, $M \tau M_0$. Let $N_0 = \Psi(N) = f(g(\lambda z.z))y$. Trivially, $\Psi(N) \twoheadrightarrow_o N_0$, so $N \tau N_0$. The fact that $M_0 \twoheadrightarrow_\beta N_0$, together with $M \tau M_0$ and $N \tau N_0$, means that $M \to_I N$.

Note that $M \to_I y$ is not true. The reason behind this is that the redex present in $N$ was created during the reduction (it did not exist in $M$).
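As an added example that is not part of the paper, the following Python code implements the embedding $\Psi$ of Definition 4.2, the unblocking of every blocked redex ($\twoheadrightarrow_o$, Definition 4.4), one-step $\beta$-reduction with capture-avoiding substitution, and the instance of $\to_I$ that unblocks and reduces every redex of $M$; it replays Examples 4.6 and 4.10. The term representation and the function names are my own, not the paper's.

```python
# Added example (not from the paper): Psi of Definition 4.2, the unblocking
# o-reduction of Definition 4.4 and one-step beta-reduction, for Examples 4.6 and 4.10.
from dataclasses import dataclass

@dataclass(frozen=True)
class Var:
    name: str
@dataclass(frozen=True)
class Lam:
    var: str
    body: object
@dataclass(frozen=True)
class App:
    fun: object
    arg: object

F, G = Var("f"), Var("g")  # the predefined constants of Definition 4.1

def embed(t):  # Psi: block every application with f and every abstraction with g
    if isinstance(t, Var):
        return t
    if isinstance(t, Lam):
        return App(G, Lam(t.var, embed(t.body)))
    return App(App(F, embed(t.fun)), embed(t.arg))

def erase(t):  # drop the constants f and g again (the erasure used in Lemma 6.1)
    if isinstance(t, Var):
        return t
    if isinstance(t, Lam):
        return Lam(t.var, erase(t.body))
    if t.fun == G:                                 # g(\x.M)  ->  \x.M
        return erase(t.arg)
    if isinstance(t.fun, App) and t.fun.fun == F:  # f M N    ->  M N
        return App(erase(t.fun.arg), erase(t.arg))
    return App(erase(t.fun), erase(t.arg))

def free_vars(t):
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, Lam):
        return free_vars(t.body) - {t.var}
    return free_vars(t.fun) | free_vars(t.arg)

def subst(t, x, s):  # capture-avoiding t[x := s]; binders are renamed if needed
    if isinstance(t, Var):
        return s if t.name == x else t
    if isinstance(t, App):
        return App(subst(t.fun, x, s), subst(t.arg, x, s))
    if t.var == x:
        return t
    if t.var in free_vars(s):
        fresh = t.var + "'"
        while fresh in free_vars(s) or fresh in free_vars(t.body):
            fresh += "'"
        t = Lam(fresh, subst(t.body, t.var, Var(fresh)))
    return Lam(t.var, subst(t.body, x, s))

def is_blocked_redex(t):  # a term of the shape f(g(\x.M))N, Definition 4.4
    return (isinstance(t, App) and isinstance(t.fun, App) and t.fun.fun == F
            and isinstance(t.fun.arg, App) and t.fun.arg.fun == G
            and isinstance(t.fun.arg.arg, Lam))

def unblock_all(t):  # ->>o applied to every blocked redex; other applications stay blocked
    if isinstance(t, Var):
        return t
    if isinstance(t, Lam):
        return Lam(t.var, unblock_all(t.body))
    if is_blocked_redex(t):
        return App(unblock_all(t.fun.arg.arg), unblock_all(t.arg))
    return App(unblock_all(t.fun), unblock_all(t.arg))

def beta_step(t):  # one leftmost-outermost ->beta step, or None if in beta-normal form
    if isinstance(t, Var):
        return None
    if isinstance(t, Lam):
        b = beta_step(t.body)
        return None if b is None else Lam(t.var, b)
    if isinstance(t.fun, Lam):
        return subst(t.fun.body, t.fun.var, t.arg)
    f = beta_step(t.fun)
    if f is not None:
        return App(f, t.arg)
    a = beta_step(t.arg)
    return None if a is None else App(t.fun, a)

def normalize(t):  # terms reached through tau are simply typed, so this terminates
    while (s := beta_step(t)) is not None:
        t = s
    return t

def develop(m):
    """One instance of M ->_I N (Definition 4.9): unblock every redex of Psi(M),
    reduce to beta-normal form in the typed calculus, then erase f and g."""
    return erase(normalize(unblock_all(embed(m))))
```

For $M = (\lambda x.xy)(\lambda z.z)$ of Example 4.10, `beta_step(unblock_all(embed(M)))` is exactly $\Psi((\lambda z.z)y)$ and `develop(M)` returns $(\lambda z.z)y$ rather than $y$, since the redex $(\lambda z.z)y$ only appears after the reduction; for $\Omega$ of Example 4.6 the same two steps return $\Psi(\Omega)$ itself.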



5 Relating Reductions 

The next two lemmas are the key steps for this proof of the confluence of $\to_I$.

Lemma 5.1. Let $M \in \Lambda_0$. If $M_0 \ {}_o\!\twoheadleftarrow M \twoheadrightarrow_\beta N$, then $M_0 \twoheadrightarrow_\beta N_0 \ {}_o\!\twoheadleftarrow N$ for some $N_0 \in \Lambda_0$.

Proof. Note that all unblocked redexes from $M$ are also unblocked in $M_0$, so in order to perform the reduction $M_0 \twoheadrightarrow_\beta N_0$ just reduce the unblocked redexes corresponding to those reduced in $M \twoheadrightarrow_\beta N$. For $N \twoheadrightarrow_o N_0$, unblock as many redexes as necessary to obtain $N_0$. According to Proposition 4.5 $N_0 \in \Lambda_0$.
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Example 5.2. According to the previous lemma the reductions which correspond to

$(\lambda x.yxx)((\lambda z.z)y) \ {}_o\!\twoheadleftarrow (\lambda x.yxx)(f(g(\lambda z.z))y) \twoheadrightarrow_\beta y(f(g(\lambda z.z))y)(f(g(\lambda z.z))y)$

are

$(\lambda x.yxx)((\lambda z.z)y) \twoheadrightarrow_\beta y((\lambda z.z)y)((\lambda z.z)y) \ {}_o\!\twoheadleftarrow y(f(g(\lambda z.z))y)(f(g(\lambda z.z))y)$.

Lemma 5.3. Let $M \in \Lambda$. If $M \tau M_0 \twoheadrightarrow_\beta N_0$, then $M \twoheadrightarrow_\beta N \tau N_0$ for some $N \in \Lambda$.

Proof. Let $\Psi(M) \twoheadrightarrow_o M_0$. Suppose $M_0 \twoheadrightarrow_\beta N_0$. This $\beta$-reduction reduces redexes from $M$ unblocked by $\twoheadrightarrow_o$, so there is a corresponding reduction $M \twoheadrightarrow_\beta N$ for some $N \in \Lambda$, such that $\Psi(N) \twoheadrightarrow_o N_0$.

Proposition 5.4. $\tau(\Lambda) = \{N \mid (\exists M \in \Lambda)\ (M, N) \in \tau\}$ is closed under $\twoheadrightarrow_\beta$.

Proof. Given $M_0 \in \tau(\Lambda)$, if $M_0 \twoheadrightarrow_\beta N_0$, then by Lemma 5.3 there is $N \in \Lambda$ such that $N \tau N_0$. Therefore $N_0 \in \tau(\Lambda)$.

Proposition 5.5. $\tau(\Lambda)$ is closed under $\to_o$.

Proof. Let $M_0 \in \tau(\Lambda)$ and $M_0 \to_o N_0$. Then by the definition of $\tau$ (Definition 4.9) $\Psi(M) \twoheadrightarrow_o M_0$ for some $M \in \Lambda$. Also, $\Psi(M) \twoheadrightarrow_o N_0$, hence $N_0 \in \tau(\Lambda)$.

Obviously, Proposition 5.4 and Proposition 5.5 provide stronger results than Proposition 4.5. The previous two propositions show that in Figure 2 all but the terms $M$, $P$, $Q$, and $R$ are in $\tau(\Lambda)$.

Corollary 5.6 (Confluence of $\twoheadrightarrow_\beta$ in $\tau(\Lambda)$).

$\beta$-reduction is confluent in $\tau(\Lambda)$.

Proof. The statement follows by the confluence of $\twoheadrightarrow_\beta$ in $\lambda\!\to$ (Theorem 3.3), since $\tau(\Lambda)$ is closed under $\twoheadrightarrow_\beta$ (Proposition 5.4).
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6 Confluence of — >j and — 

In this section we show that — >/ is the right relation for our purpose, showing 
that the transitive closure of — *■/ is exactly — 

Lemma 6.1. — >/ C —»/ 3 . 

Proof. Let M^iN . This means that M r Mq Nq and N t Nq. By Lemma 5.3, 
there is some Ni G A such that M and also NiT Nq. Both 

'P{Ni) Nq and <F{N) Nq, so it follows that by erasing all constants / and g 
from Nq we obtain both and N. Hence N = Ni, so M ^fjN . 

Lemma 6.2. C 

Proof. Let M^pN where Z\ is a /3-redex in M. Let >oMq with only 

the redex A unblocked by — >o- Let Mq -A’p Nq with Aq being the redex in Mq 
that corresponds to A. It is easy to verify that <F{N) — Nq. Now we have that 
W{M) -»o Mq ^p Nqo<^ 'I'iN), implying M N. 

Proposition 6.3 (Confluence of ~^i). 

The reduction — >/ is confluent on A. 

Proof. Let P/<— M — >/ Q. We obtain the desired term R with the property 
P Ri^ Q by constructing the diagram in Figure 2 in several steps. 

1. By Definition 4.9 of $\to_I$ we have that

$\Phi(P) \twoheadrightarrow_0 P_1 \twoheadleftarrow_\beta M_1 \twoheadleftarrow_0 \Phi(M) \twoheadrightarrow_0 M_2 \twoheadrightarrow_\beta Q_1 \twoheadleftarrow_0 \Phi(Q)$.

2. Using the diamond property for $\twoheadrightarrow_0$ (Corollary 4.8), we obtain that $M_1 \twoheadrightarrow_0 M_0 \twoheadleftarrow_0 M_2$.

3. By Lemma 5.1 we have that $P_1 \twoheadrightarrow_0 P_2 \twoheadleftarrow_\beta M_0$ and $M_0 \twoheadrightarrow_\beta Q_2 \twoheadleftarrow_0 Q_1$.

4. Notice that $P_2 \twoheadleftarrow_\beta M_0 \twoheadrightarrow_\beta Q_2$. By Proposition 5.4 and Proposition 5.5 all the terms mentioned so far except $M$, $P$, and $Q$ are in $\tau(\Lambda)$, hence by confluence of $\twoheadrightarrow_\beta$ in $\tau(\Lambda)$ (Corollary 5.6) we have that $P_2 \twoheadrightarrow_\beta R_2 \twoheadleftarrow_\beta Q_2$ for some $R_2 \in \tau(\Lambda)$.

5. Finally, by the definition of $\tau$ (Definition 4.9(i)) there is $R \in \Lambda$ such that $\Phi(R) \twoheadrightarrow_0 R_2$. Therefore $\Phi(P) \twoheadrightarrow_0 P_1 \twoheadrightarrow_0 P_2 \twoheadrightarrow_\beta R_2 \twoheadleftarrow_0 \Phi(R)$, which means that $P \to_I R$, and also $\Phi(Q) \twoheadrightarrow_0 Q_1 \twoheadrightarrow_0 Q_2 \twoheadrightarrow_\beta R_2 \twoheadleftarrow_0 \Phi(R)$, which means $R \leftarrow_I Q$. Now we have $P \to_I R \leftarrow_I Q$, which completes the proof.

Theorem 6.4 (Confluence of $\twoheadrightarrow_\beta$).

The reduction $\twoheadrightarrow_\beta$ is confluent on the set $\Lambda$.

Proof. By Lemmas 6.1 and 6.2, we have $\to_\beta \subseteq \to_I \subseteq \twoheadrightarrow_\beta$; therefore the transitive closure of $\to_I$ is $\twoheadrightarrow_\beta$. By Proposition 6.3, $\to_I$ is confluent. Now again a simple diagram chasing argument yields the confluence of $\twoheadrightarrow_\beta$ in $\Lambda$.
7 Discussion

Confluence is of great importance in the theory of rewriting as well. Besides Newman's Lemma there are several conditions for confluence of abstract rewrite systems. Detailed studies of this subject can be found in van Oostrom [17], van Oostrom and van Raamsdonk [18], and Klop et al. [6].

The proof of the finiteness of developments presented in Ghilezan [4] and [5] is based on the strong normalization property of the simply typed lambda calculus. For that reason a bijection is established there between $\beta_0$-reduction on marked lambda terms and $\beta$-reduction on a subset of simply typed lambda terms. This bijection explains the correspondence between the proof of the confluence presented in this paper and the proof in Barendregt [1].

In the proof of the confluence in Koletsos and Stavrinos [8] the confluence of $\beta$-reduction in the intersection type system was used. The same system was considered in Krivine [9] in order to prove the finiteness of developments. Despite its simplicity, the simply typed lambda calculus turned out to be adequate as well for proving the confluence of $\beta$-reduction on all (untyped) lambda terms.

Our proof, together with the proofs in Krivine [9], Koletsos and Stavrinos [8], 
and Ghilezan [4] and [5] adds to the understanding of the relation between the 
typed and the untyped lambda calculi. 

Acknowledgment The authors are grateful to George Stavrinos for helpful 
remarks. 
Abstract. We present a type inference procedure with partial types for a $\lambda$-calculus equipped with datatypes. Our procedure handles a type language containing greatest and least types ($\omega$ and $\bot$ respectively), recursive types, subtyping, and datatypes (yielding constants at the level of terms). The main feature of our algorithm is incrementality, which allows us to progressively analyse successive definitions; this is of interest in the setting of a system like the CuCh machine (developed at the University of Rome). The methods we describe have led to an implementation; we illustrate its use on a few examples.



1 Introduction 

Modern functional programming languages are usually equipped with powerful, polymorphic type systems which preserve most of the great freedom and generality which are typical of the functional paradigm. However a completely type free programming style, allowing one to work with heterogeneous data structures or to define operators (like auto-application) which would not be typable in a standard way, is still appealing and supported by real programming languages ([AS85]).

Even in a type free environment, however, most real functional programs could naturally be typed in an ML-like type system, since there are usually few functions, or parts of them, which would not get a type although correctly designed for performing their intended task. The definition of these functions often requires a deep understanding of the functional paradigm and good programming skill. A programmer writing them should then be aware of this and confident in what he is doing.

One main motivation of this paper is that of studying an inference framework for recursive and polymorphic types that can be added on top of a type-free functional programming language. The system is not designed to reject any program, but rather to give only partial type information for those programs which cannot be typed in the usual sense. Another fundamental feature of our type system is the treatment of subtyping. Subtyping will be motivated by the need to define a partial order structure over the set of types representing different levels of type information, but it will also allow us to properly handle the inclusion properties of user-defined datatypes.
Our system was designed as a typing support for the CuCh machine, a system developed at the University of Rome in the team of Corrado Böhm (the design of a type inference procedure for this system actually originated our work). The CuCh machine is a programming language based on the untyped $\lambda$-calculus. There are two modes to define objects in CuCh, called Olarni and Oenv; in Olarni, the user defines $\lambda$-terms using abstraction, application, and some built-in constants including natural numbers, strings, lists and boolean tests. The CuCh system also supports the definition of inductive data types. The Oenv mode is used to define functions on the free algebras generated by user-defined data types by sets of equations, following [BB85]. The introduction of free algebras and of recursive definitions over these algebras is akin to the classic second-order encoding of datatypes; however, in CuCh, the solutions to (possibly recursive) definitions are not defined using a fixpoint operator, but rather following the Böhm-Piperno technique of [BPG94], using self-application. In this setting, more freedom is given in the construction of terms, and "traditional" type systems for functional languages à la ML can sometimes be too restrictive.

The basic technical tools for the definition of the system are the introduction of a "greatest" type $\omega$ and of a recursion operator over types. The use of type $\omega$ has been inspired by the "partial" type system introduced in [Tha94] (following [Gom90]), to describe some terms that are considered as ill-typed in a classical setting. Examples of such terms are auto-applications (e.g. $\lambda x.(x\,x)$), or heterogeneous lists (e.g. $[\mathit{true};\ \lambda f\,x.(f\,x)]$). Using a notion of subtyping among partial types one is able for example to infer judgments like $\lambda x.(x\,x) : (\omega \to a) \to a$ (where $a$ is a type variable). The type associated to the occurrence of $x$ in argument position can be coerced from $\omega \to a$ to $\omega$ in order to permit the auto-application, yielding final type $a$. In [Tha94], however, there are still terms that cannot be typed (like $\lambda x.x(3\,3)$) although their behaviour could be represented by some partial type (like, in the former example, $(\omega \to t) \to t$). To handle these cases (following e.g. [BCDC83]), we introduce a rule ($\omega$) postulating that any term has type $\omega$.

Partial types can carry useful information. If we prove, for instance, that a (closed) term $M$ has type $\omega \to \omega$ we know that $M$ represents a "function" and not, for instance, an integer. Moreover this also guarantees that $M$ can be head-reduced to a term of the shape $\lambda x.M'$ without going through meaningless applications like those determined for instance by a functional application in which the value in function position is an integer.

Other interesting typings can be derived assuming the existence of recursive types. For instance, assuming a type $c$ such that $c = c \to a$, we can assign to $\lambda x.(x\,x)$ the type $c \to a = (c \to a) \to a$, which turns out to be smaller (and then more informative) than $(\omega \to a) \to a$. The introduction of recursive types amounts to extending the set of types allowed in the system to all regular infinite tree expressions. The type system presented in this paper works indeed on this extended set of types.

The question of partial type inference, as addressed in [Tha94], is shown to be decidable in [WO92], and [KPS94] provides an efficient algorithm to solve the problem. Our study differs from these works in three main aspects. First of all the language we focus on is equipped with user-defined datatypes (as well as with a least type, written $\bot$, that has to be introduced mainly for technical reasons). The introduction of (parametrised) datatypes somewhat increases the complexity of the structure of the typing information that has to be dealt with, as will be seen throughout this study.

The second main original aspect of our work is the stress that is put on 
incrementality in defining the type inference method. Indeed, the traditional 
approach to type inference in presence of subtyping consists in exploring the 
structure of the term to be typed, and, while doing so, in collecting the cor- 
responding subtyping constraints. Once all these constraints are put together, 
one can attack the problem of constraints satisfiability using several different 
approaches ([KPS94], for example, uses an automata-based method). 

In this paper, we try on the contrary to preserve the readability of the type information along the exploration of the term. Our approach, inspired by [WO92], consists in representing internally the typing information about a given term in a table, which represents a kind of principal typing of the term itself (see [Jim96]). In doing this, however (and this is where our study differs from [WO92]), we are interested in inferring the consequences of the type constraints as soon as they are generated, and in resolving immediately the possible resulting inconsistencies. This kind of inconsistencies can be eliminated at the typing level only by the use of the ($\omega$) rule. To take this into account in the inference process (and this is the third new aspect of our approach), we introduce a notion of guarded constraint, that allows us to define an incremental and rather flexible type inference procedure. Due to the possibility of incomparable uses of the ($\omega$) rule, however, the number of principal typings (i.e. tables) of a term is in general finite but not unique.

The paper is organized as follows. In Section 2, we introduce our system, defined by the terms of a core subset of CuCh, the (possibly recursive) definitions, the language of types and the two judgments corresponding to the typing and subtyping relations. Section 3 is devoted to the technical definitions we need for our type inference procedure, i.e. tables (to represent the type constraints), properties of tables, and various functions over tables. We define our type inference method in Section 4, as well as a heuristic to recover consistency when an inconsistent table is generated during the type inference process. In Section 5 we introduce the inductive datatypes and show how they can be integrated in the system. We finally conclude. In the appendix, we present the implementation of our system and illustrate its behavior through an example.



2 The System 

We introduce a restricted language to develop the basic theory. In this core language we assume to have int, real and bool as basic types, provided with the usual arithmetic and boolean constants. In the complete language int and bool are in fact defined as inductive data types. The extension to the full language will be presented in Section 5.

Objects of the Language 

Terms The terms we use are defined by the following syntax: 

$M ::= \lambda x.M \mid x \mid M\,N \mid c$,

where constants (denoted by c) are represented by the basic integer, real and 
boolean functions and terms. In CuCh, recursive functions are not introduced 
with a fixpoint-like construct, but are instead given by recursive equations (in- 
troduced below). 

Definitions We consider simple CuCh definitions with the following syntax: 

$I := M$

where / is an identifier and M an expression, possibly containing occurrences 
of I, hence we deal in general with recursive equations. We write D to range 
over a sequence of definitions. 

Programs A CuCh program is a list of definitions followed by an expression: 

$P ::= D\ M$.

where $D$ is a sequence of definitions and $M$ an expression. An example of CuCh program is the following:

M := \x y. ((y (x 3)) (x x)) 

N := (M \z.z) 

(N (\u v.u)) 

Types and Type Schemes. Types are built from a set $B = \{\mathit{int}, \mathit{real}, \mathit{bool}, \bot, \omega\}$ of basic types, where $\bot$ represents the "least type" (which we assume to be included in every other type) and $\omega$ the whole domain of values (which then includes all types). We will introduce two notions of types, the ground types and the type schemes. In order to make our type discipline more liberal we also handle recursive types, introduced through the $\mu$ operator; recursive types represent infinite (but regular) types. The syntax of type schemes is the following:

$T ::= V \mid \mathit{int} \mid \mathit{real} \mid \mathit{bool} \mid \omega \mid \bot \mid T \to T \mid \mu t.T$,

where $V$ is a set of type variables. As usual the operator $\mu$ acts as a variable binder. Informally, a type of the shape $\mu t.A$ is intended to represent the infinite regular tree obtained by infinitely unfolding $A$ along $t$. For example the type $T = \mu t.\mathit{int} \to t$ represents the infinite type $\mathit{int} \to (\mathit{int} \to (\mathit{int} \to \cdots))$.



Ground types are then defined as the subset of closed type schemes, i.e. those 
containing no free variables. Let G denote the set of ground types. 

In the style of the ML type system ([Mil78]) a type scheme intuitively repre- 
sents all its possible instances with ground types. Note that every ground type 
is trivially a type scheme. 



Subtyping Relation 

We define a partial order relation $\le$ between types (representing inclusion of the corresponding sets of values). The basic inclusion is $\mathit{int} \le \mathit{real}$ (which represents a prototype structural inclusion between datatypes). Types $\bot$ and $\omega$ represent respectively the least and greatest elements with respect to this relation, so we have $\bot \le T \le \omega$ for all types $T$.

The inclusion axioms induce a natural partial pre-order relation on $\mathcal{T}$, corresponding to the semantics given in [CC91]. This inclusion can be completely formalized (see e.g. [AC93, AK95, BH98]) and is decidable. We give here only the basic subtyping rules.

Let $\Sigma$ denote a set of subtyping assumptions of the form $t \le u$, where $t$ and $u$ are type variables. The judgment for inclusion between type schemes is written

$\Sigma \vdash A \le B$.

Figure 1 gives the rules defining these judgments, where $A \approx B$ intuitively means that $A$ and $B$ represent the same infinite tree (i.e. have the same infinite unfolding). A complete axiomatization of $\approx$ is given in [AC93]. Note the usual monotonicity-antimonotonicity of $\to$.

We write $A \le B$ for $\vdash A \le B$, meaning that $A \le B$ can be derived from the empty set of assumptions.



$(S_\bot)\quad \Sigma \vdash \bot \le T$

$(S_\omega)\quad \Sigma \vdash T \le \omega$

$(S_c)\quad \Sigma \vdash \mathit{int} \le \mathit{real}$

$(S_{id})\quad \Sigma \vdash t \le t$

$(S_\approx)\quad \dfrac{A \approx B}{\Sigma \vdash A \le B}$

$(S_{trans})\quad \dfrac{\Sigma \vdash A \le B \qquad \Sigma \vdash B \le C}{\Sigma \vdash A \le C}$

$(S_{hyp})\quad \Sigma, t \le u \vdash t \le u$

$(S_\to)\quad \dfrac{\Sigma \vdash A_2 \le A_1 \qquad \Sigma \vdash B_1 \le B_2}{\Sigma \vdash A_1 \to B_1 \le A_2 \to B_2}$

$(S_\mu)\quad \dfrac{\Sigma, t \le u \vdash A \le B}{\Sigma \vdash \mu t.A \le \mu u.B}$

Fig. 1. Subtyping relation
Remark 1. (i) The intuitive type semantics in our approach relies on the notion of types as topologically closed subsets (ideals) of the domain of interpretation of the language [CC90]. This model also supports the notion of recursive type and recursive type equation. In this case the least (undefined) element of the domain belongs to every type. The type $\omega$ is then interpreted as the whole domain while $\bot$ is interpreted as the singleton containing only the least element of the domain. This provides a justification of the consistency and semantic correctness of the subtyping assumptions.

(ii) In our core language structural type inclusion is only represented, at the 
ground level, by the inclusion int < real. More interesting structural subtyping 
will be introduced by Datatype definitions (see Section 5). That framework shall 
provide a richer set of schemes and subtyping rules. 
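As an added illustration of the judgment of Fig. 1 (this is example code written for this page, not code from the paper or from the CuCh implementation), the following Python function decides $\vdash A \le B$ on closed, contractive recursive types. The tuple representation of types, the function names and the strategy are assumptions of this example: $\mu$-types are compared by unfolding, and a pair $(A, B)$ that is met again while unfolding is accepted, which is the algorithmic counterpart of putting $t \le u$ into $\Sigma$ in rule $(S_\mu)$ and discharging it with $(S_{hyp})$.

```python
"""Added example (not the paper's code): a checker for the subtyping
judgment of Fig. 1 on closed recursive types, decided coinductively in
the style of Amadio and Cardelli."""

# Type representation (an assumption of this example):
#   basic types:    'int', 'real', 'bool', 'bot' (least type), 'omega'
#   type variables: ('var', name)
#   arrows:         ('arrow', A, B)
#   recursive:      ('mu', name, A)
# Types are assumed closed and contractive (a mu-body is never a bare variable).


def subst(ty, name, replacement):
    """Substitute `replacement` for the free variable `name` in `ty`."""
    if isinstance(ty, str):
        return ty
    tag = ty[0]
    if tag == 'var':
        return replacement if ty[1] == name else ty
    if tag == 'arrow':
        return ('arrow', subst(ty[1], name, replacement), subst(ty[2], name, replacement))
    if tag == 'mu':
        if ty[1] == name:  # `name` is rebound here, nothing free below
            return ty
        return ('mu', ty[1], subst(ty[2], name, replacement))
    raise ValueError(ty)


def unfold(ty):
    """One unfolding step:  mu t.A  ==>  A[mu t.A / t]."""
    _, name, body = ty
    return subst(body, name, ty)


def basic_leq(a, b):
    """Order on basic types: bot below everything, omega above, int <= real."""
    return a == b or a == 'bot' or b == 'omega' or (a, b) == ('int', 'real')


def subtype(a, b, seen=None):
    """Decide  |- a <= b  for closed types a, b with the rules of Fig. 1."""
    seen = set() if seen is None else seen
    key = (a, b)
    if key in seen:  # (Shyp): the pair is a current assumption
        return True
    if a == b:       # (Sid)
        return True
    if a == 'bot' or b == 'omega':  # (Sbot), (Somega)
        return True
    if isinstance(a, str) and isinstance(b, str):
        return basic_leq(a, b)  # (Sc); bool is incomparable with int and real
    if isinstance(a, tuple) and a[0] == 'mu':  # (Smu): assume the pair, compare bodies
        return subtype(unfold(a), b, seen | {key})
    if isinstance(b, tuple) and b[0] == 'mu':
        return subtype(a, unfold(b), seen | {key})
    if isinstance(a, tuple) and isinstance(b, tuple) and a[0] == b[0] == 'arrow':
        # (S->): contravariant in the argument, covariant in the result
        return subtype(b[1], a[1], seen) and subtype(a[2], b[2], seen)
    return False  # arrow against basic type, or a free variable


# Constructed inputs: the two types the introduction assigns to \x.(x x),
# with the type variable a instantiated to int.
C = ('mu', 'c', ('arrow', ('var', 'c'), 'int'))          # c = c -> a
SELF_APP_REC = ('arrow', C, 'int')                       # c -> a
SELF_APP_OMEGA = ('arrow', ('arrow', 'omega', 'int'), 'int')  # (omega -> a) -> a
```

With these inputs `subtype(SELF_APP_REC, SELF_APP_OMEGA)` holds while the converse does not, which is the sense in which the paper calls $c \to a$ "smaller (and then more informative)" than $(\omega \to a) \to a$. Termination relies on the types being contractive: every pair reached by unfolding is built from subterms of the two inputs, so the `seen` set eventually catches each repeated pair.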

Typing Rules 

We consider two typing judgments, one for terms and one for definitions. The typing judgement for terms is of the form

$\Delta, \Gamma \vdash M : T$,

where $M$ is a term, $T$ is a type, $\Gamma$ is a set of typing assumptions for the free variables of $M$ and $\Delta$ is the type environment determined by a CuCh definition, associating a type to each defined name. The domains of $\Delta$ and $\Gamma$ are always disjoint. As usual, $\Gamma$ and $\Delta$ are seen as sets, modulo permutations. Accordingly, we use $\emptyset$ in the formal system to explicitly denote an empty sequence or an empty environment. The notation $\Gamma, x{:}A$ denotes a set of assumptions containing $x : A$ (where $x$ is assumed not to appear in $\Gamma$). For each constant $c$ we assume a type $\tau(c)$ which captures its functional properties. For instance $\tau(3) = \mathit{int}$ and $\tau(\mathit{succ}) = \mathit{int} \to \mathit{int}$, where $\mathit{succ}$ is the successor function on integers. The typing judgments for definitions are of the form

$\vdash_{def} D \Rightarrow \Delta$,

where $D$ is a sequence of CuCh definitions. The meaning is that $\Delta$ is the type environment determined by the definitions in $D$. The rules defining typing judgments are given in Figure 2; in rule (env), $\mathit{new}(A)$ is a function that returns a fresh copy of $A$ introducing new type variables.

Notation: We indicate with $\vdash^-$ derivability in the system obtained from that of Fig. 2 by eliminating rule ($\omega$).

It is easy to see that type assignment is closed under substitution.

Lemma 1. Suppose $\Delta, \Gamma \vdash M : T$. Then for any substitution $\sigma$, $\sigma(\Delta), \sigma(\Gamma) \vdash M : \sigma(T)$.

Typing judgements containing free type variables can thus be seen as typing schemes, representing all their possible instances.
(var) $\Delta, \Gamma, x{:}A \vdash x : A$

(env) $\Delta, I{:}A, \Gamma \vdash I : \mathit{new}(A)$

(const) $\Delta, \Gamma \vdash c : \tau(c)$

($\omega$) $\Delta, \Gamma \vdash M : \omega$

($\to$i) $\dfrac{\Delta, \Gamma, x{:}A \vdash M : B}{\Delta, \Gamma \vdash \lambda x.M : A \to B}$

($\to$e) $\dfrac{\Delta, \Gamma \vdash M : A \to B \qquad \Delta, \Gamma \vdash N : C \qquad C \le A}{\Delta, \Gamma \vdash (M\,N) : B}$

(Def$_\emptyset$) $\vdash_{def} \emptyset \Rightarrow \emptyset$

(Def$_{more}$) $\dfrac{\vdash_{def} D \Rightarrow \Delta \qquad \Delta, \{I{:}A\} \vdash M : B \qquad B \le A}{\vdash_{def} D.\ I := M \Rightarrow \Delta, I{:}A}$

Fig. 2. Typing expressions and definitions



Some Basic Properties 

A notion of reduction for expressions of the CuCh machine can be defined by taking into account the computation rules introduced by the definitions. Let indeed $D$ be a list of definitions. For each definition

$I := M$

in $D$, add a reduction rule

$I \to M$.

Let $\to$ be the notion of reduction we obtain by adding these rules to the usual $\beta$. It is routine to prove the subject reduction theorem.

Theorem 1. Let $D$ be a list of CuCh definitions and let $M$ be an expression such that

$\vdash_{def} D \Rightarrow \Delta$ and $\Delta, \Gamma \vdash M : T$.

Then whenever $M \to M'$ we have $\Delta, \Gamma \vdash M' : T$.

Our system has no normalization property, owing to the presence of recursive definitions and of rule ($\omega$). We can however prove a weaker result which is anyway interesting from a programming point of view.

The top level operator of a term M is the operator associated to the root of 
its abstract syntax tree. This can be, in our language, application, abstraction or 
a constant. In a language with datatypes it could also be a datatype constructor. 
A head reduction is a reduction in which, at every step, only the leftmost outer- 
most redex can be reduced, provided it does not occur inside the scope of some 
term operator different from application. We say that a term is in weak head 
normal form if no head reduction step can be applied on it. We can prove the 
following property. 
Theorem 2. Let $D$ be a list of CuCh definitions and let $M$ be an expression such that

$\vdash_{def} D \Rightarrow \Delta$, $\Delta, \Gamma \vdash M : T$ and $T \neq \omega$.

Then either the head reduction starting from $M$ is infinite or $M$ head reduces to a term $M'$ in weak head normal form whose top level term constructor corresponds (in an obvious sense) to the top level type constructor of $T$.

By the above theorem, for instance, if $T = \omega \to \omega$ then $M$ reduces to a term of the shape $\lambda x.M'$ or to a constant function like $\mathit{succ}$. Theorem 2 assures that in the head reduction of a term having a type different from $\omega$, no meaningless applications (like, for instance, $(3\,3)$) can be encountered.

This is not true, in general, for reduction strategies which can reduce non-head redexes, like call-by-value. We can prove a stronger result for the system $\vdash^-$ without rule ($\omega$). We say that a term is well formed if it does not contain meaningless applications in the sense explained above.

Theorem 3. Let $D$ be a list of CuCh definitions and let $M$ be an expression such that

$\vdash_{def} D \Rightarrow \Delta$ and $\Delta, \Gamma \vdash^- M : T$.

Then $M$ is well formed.

From Theorems 1 and 3 we have immediately that terms that can be typed in $\vdash^-$ never produce bad applications, independently of the reduction strategy being applied.
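The head reduction of Theorem 2 and the "meaningless applications" of Theorem 3 can be made concrete with a small evaluator for the core language of this section. The following Python code is an added example written for this page, not the CuCh machine's own evaluator: the tuple encoding of terms, the restriction to closed programs and the choice of $\mathit{succ}$ as the only built-in function are assumptions of the example. It runs the program of Section 2 with the definitions used as the rules $I \to M$, and reports a term such as $(3\,3)$ when it reaches function position.

```python
"""Added example, not the paper's code: weak head reduction for the core
CuCh language of Section 2, using the definitions of a program as the
rewrite rules I -> M, with detection of the "meaningless applications"
(such as (3 3)) that Theorem 2 rules out for terms of a type other than omega."""

# Term representation (an assumption of this example):
#   ('var', x)   ('lam', x, M)   ('app', M, N)   ('id', I)   ('const', c)
# where c is an int, a bool, or the string 'succ'.  Programs are assumed
# closed, so every term substituted during head reduction is closed.


class MeaninglessApplication(Exception):
    """A non-function value (e.g. the integer 3) ended up in function position."""


def subst(term, x, value):
    """M[value/x]; `value` is closed, so no capture-avoiding renaming is needed."""
    tag = term[0]
    if tag == 'var':
        return value if term[1] == x else term
    if tag == 'lam':
        return term if term[1] == x else ('lam', term[1], subst(term[2], x, value))
    if tag == 'app':
        return ('app', subst(term[1], x, value), subst(term[2], x, value))
    return term  # identifiers and constants bind nothing


def spine(term):
    """Split (M N1 ... Nk) into its head M and the argument list [N1, ..., Nk]."""
    args = []
    while term[0] == 'app':
        args.append(term[2])
        term = term[1]
    return term, args[::-1]


def rebuild(head, args):
    for a in args:
        head = ('app', head, a)
    return head


def is_numeral(term):
    return term[0] == 'const' and type(term[1]) is int


def head_step(term, defs):
    """One head reduction step, or None if `term` is in weak head normal form."""
    head, args = spine(term)
    if head[0] == 'id':                     # delta rule  I -> M  for a definition
        return rebuild(defs[head[1]], args)
    if head[0] == 'lam' and args:           # beta redex at the head of the spine
        return rebuild(subst(head[2], head[1], args[0]), args[1:])
    if head[0] == 'const' and args:
        if head[1] != 'succ':               # (3 3), (true x), ...: no rule applies
            raise MeaninglessApplication(term)
        if is_numeral(args[0]):             # succ n -> n+1
            return rebuild(('const', args[0][1] + 1), args[1:])
        reduced = head_step(args[0], defs)  # the leftmost redex is in the argument
        if reduced is None:                 # argument in whnf but not an integer
            raise MeaninglessApplication(term)
        return rebuild(head, [reduced] + args[1:])
    return None                             # abstraction, variable or bare constant


def whnf(term, defs, fuel=1000):
    """Head-reduce to weak head normal form; head reduction need not terminate
    (Theorem 2), so the number of steps is bounded by `fuel`."""
    for _ in range(fuel):
        nxt = head_step(term, defs)
        if nxt is None:
            return term
        term = nxt
    raise RuntimeError('no weak head normal form within %d steps' % fuel)


def well_formed(term):
    """Theorem 3's property: no constant other than succ in function position."""
    if term[0] == 'app':
        if term[1][0] == 'const' and term[1][1] != 'succ':
            return False
        return well_formed(term[1]) and well_formed(term[2])
    if term[0] == 'lam':
        return well_formed(term[2])
    return True


# Helpers to write terms, and the program of Section 2:
#   M := \x y.((y (x 3)) (x x))    N := (M \z.z)    (N (\u v.u))
def lam(*names_and_body):
    *names, body = names_and_body
    for x in reversed(names):
        body = ('lam', x, body)
    return body


def app(f, *args):
    return rebuild(f, list(args))


V = lambda x: ('var', x)
K = lambda c: ('const', c)
DEFS = {
    'M': lam('x', 'y', app(app(V('y'), app(V('x'), K(3))), app(V('x'), V('x')))),
    'N': app(('id', 'M'), lam('z', V('z'))),
}
PROGRAM = app(('id', 'N'), lam('u', 'v', V('u')))
OMEGA = app(lam('x', app(V('x'), V('x'))), lam('x', app(V('x'), V('x'))))
```

`whnf(PROGRAM, DEFS)` unfolds $N$ and $M$, contracts the head redexes and stops at the constant $3$; the sub-term $((\lambda z.z)(\lambda z.z))$ that $M$ builds is never reduced, because weak head reduction discards it when $\lambda v.\ldots$ is applied. `OMEGA` exhausts the step budget, which is the "infinite head reduction" branch of Theorem 2, and `whnf(app(K(3), K(3)), {})` raises `MeaninglessApplication`.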



3 Systems of Type Constraints 

3.1 Type Constraints and Tables 

Our inference procedure is based on the representation of relations between types 
by sets of constraints. In this section we define the procedures to handle these. 

A substitution is defined here as a finite mapping $\sigma$ from type variables to types in $\mathcal{T}$, which is naturally extended to all types. A single substitution is denoted $[t := A]$; it replaces $t$ by $A$ and behaves like the identity on all other variables. Similarly, $[t_1 := A_1, \ldots, t_n := A_n]$ (where $t_i$ does not occur in $A_j$ for all $1 \le i, j \le n$) denotes the composition of $n$ single substitutions. If all the type expressions $A_i$ are single variables, we say that $[t_1 := A_1, \ldots, t_n := A_n]$ is trivial.

A ground substitution $\gamma$ is instead a mapping from type variables to ground types.

Definition 1 (Constraints). A type constraint is an expression of the form $t \le u_1 \to u_2$ or $u_1 \to u_2 \le t$ where $t, u_1, u_2$ are type variables.



58 



Mario Coppo and Daniel Hirschkoff 



To handle the inference rule ($\omega$) of Fig. 2 we need the notion of guard and some operators on it.

Definition 2. (i) A guard is a list of type variables. Let $w$ range over guards.

(ii) If $w_1, w_2$ are guards then $w_1 \triangleright w_2$ is the guard obtained by concatenating $w_1$ and $w_2$ and by eliminating from $w_2$ the variables which already occur in $w_1$.

(iii) A guarded constraint (g.c. for short) is an expression of the form $w :_g (A \le B)$ where $w$ is a guard and $A \le B$ is a type constraint.

If $S = \{w_i :_g (A_i \le B_i) \mid 1 \le i \le n\}$ is a set of g.c. and $w$ is a guard then $w \triangleright S$ denotes the set $\{w \triangleright w_i :_g (A_i \le B_i) \mid 1 \le i \le n\}$. A guard hides the constraint associated to it whenever at least one of the variables occurring in it is set to $\omega$.

A solution of a set $S$ of g.c. is a ground substitution $\gamma$ such that for all $w :_g (A \le B) \in S$ in which $\gamma(t) \neq \omega$ for all variables $t$ in $w$ we have $\gamma(A) \le \gamma(B)$. A strong solution of $S$ is a ground substitution $\gamma$ such that for all $w :_g (A \le B) \in S$ we have $\gamma(A) \le \gamma(B)$ (ignoring guards).

The inference algorithm keeps the information about the types involved in a deduction using the notion of table, which has been inspired by [WO92]. A table is simply a structured set of type constraints, which are represented in a slightly different way via the notion of guarded elementary expression.

Definition 3. (i) A guarded elementary expression (g.e. for short) is an expression of the shape $w :_g (v_1 \to v_2)$ where $v_1, v_2$ are variables.

(ii) A table $\Theta$ is a set of triples $(t, L, U)$ (called the entries of the table), where $t$ is a variable and $L$ and $U$ are sets of g.e. which are called, respectively, the lower and upper sets of $t$ in $\Theta$. If $(t, L, U) \in \Theta$ we denote $L$ as $L_\Theta(t)$, or simply $L(t)$ (when $\Theta$ is understood), and $U$ as $U_\Theta(t)$, or simply $U(t)$. Moreover define $\mathit{dom}(\Theta) = \{t \mid (t, L, U) \in \Theta\}$.

A table is just a structured way of representing a set of elementary g.c.s. In fact each $w :_g (A) \in L(t)$ represents a g.c. $w :_g (A \le t)$, and each $w :_g (A) \in U(t)$ represents a g.c. $w :_g (t \le A)$. A solution of a table is a solution of the corresponding set of g.c.s.

A simplified table (s-table for short) $S$ is a structure which has the same shape as a table but without guards. So the elements of the upper and lower sets are type expressions (containing only one type constructor) instead of g.e.s. The kernel of a table $\Theta$, written $\mathit{kernel}(\Theta)$, is the s-table $S$ obtained from $\Theta$ by erasing all guards.

Definition 4. A table $\Theta$ is closed if for all $t \in \mathit{dom}(\Theta)$ such that both $L(t)$ and $U(t)$ are nonempty and for all $w_1 :_g (u_1 \to u_2) \in L(t)$ and $w_2 :_g (v_1 \to v_2) \in U(t)$ we have:

- $w_1 \triangleright w_2 \triangleright L(u_2) \subseteq L(v_2)$,

- $w_1 \triangleright w_2 \triangleright U(v_2) \subseteq U(u_2)$,

- $w_1 \triangleright w_2 \triangleright L(v_1) \subseteq L(u_1)$,

- $w_1 \triangleright w_2 \triangleright U(u_1) \subseteq U(v_1)$.
A table obtained from a set of elementary g.c.s is in general not closed. It is easy to define an algorithm closure that takes a table $\Theta$ as input and returns its closure $\mathit{closure}(\Theta)$ by adding elements to the sets $L(t)$, $U(t)$ according to the previous definition. Since all the new constraints added to a table by closure are simply consequences of the definition of the $\le$ relation we have immediately the following lemma:

Lemma 2. A table $\Theta$ and its closure $\mathit{closure}(\Theta)$ have the same solutions.

There is a simple condition to decide whether a closed table has a solution.

In the following definition we informally assume the existence of a partial order between type constructors. This coincides with the subtyping relation for constant types. The type constructor $\to$ is considered incomparable with all constant types, while $\bot$ ($\omega$) is smaller (greater) than all type constructors.

Definition 5 (Consistent table). (i) A closed table $\Theta$ is consistent with respect to a variable $t \in \mathit{dom}(\Theta)$ if there is a type constructor $c$ which is a sup for all type constructors occurring in $L_\Theta(t)$ and an inf for all type constructors occurring in $U_\Theta(t)$.

(ii) A closed table $\Theta$ is consistent (tout court) if it is consistent with respect to every $t \in \mathit{dom}(\Theta)$.

Note that a table $\Theta$ is always consistent with respect to a variable $t$ if $U_\Theta(t)$ (resp. $L_\Theta(t)$) is empty. In such a case we can take $t := \omega$ (resp. $t := \bot$).

3.2 Solving Tables 

In this subsection we show that every consistent table admits a strong solution, and we give an algorithm to find it. To obtain it we need to define some more transformations on tables. To keep notations light we consider here only simplified tables. The extension of the transformations to guarded tables is routine.

Let an elementary substitution (e.s. for short) $e$ be an expression of the form $[t := u_1 \to u_2]$ where $u_1, u_2$ are variables. A substitution path (s.p.) is a list $(e_n, \ldots, e_1)$ of e.s. such that no two e.s. in it have the same l.h.s. A s.p. $s = (e_n, \ldots, e_1)$ naturally determines a substitution $e_n \circ \ldots \circ e_1$ (where $\circ$ denotes function composition) which we identify with $s$ itself. Let $\mathit{dom}(s)$ denote the set of variables occurring as l.h.s. of the e.s. in $s$.

We now define a function solve, that takes a simplified closed table $\Sigma$ and returns a pair $(\Sigma', s)$ where $\Sigma'$ is a simplified closed table and $s$ is a substitution path. We define the function solve by giving an algorithm to compute it.

Definition 6. Let $\Sigma$ be a closed table. The function solve is defined by the following steps. The basic operation is to build a sequence of s-tables $\Sigma_i$ and substitution paths $s_i$ ($i \ge 0$). During the construction, we "mark" some entries of the table (to remember that the substitution for the corresponding variables has already been generated).

1. Set $i = 0$. Let $\Sigma_0 = \Sigma$ and $s_0$ be the empty list. All entries of $\Sigma_0$ are unmarked.
2. Take any unmarked entry $(t, L(t), U(t))$ of $\Sigma_i$ such that both $L(t)$ and $U(t)$ are nonempty and mark it. We then distinguish two cases:

(a) if there is a marked entry $(u, L(u), U(u))$ in $\Sigma_i$ such that both $L(u) = L(t)$ and $U(u) = U(t)$ then define

- $\Sigma_{i+1}$ as the table obtained by removing the entry for $t$ in $\Sigma_i$;

- $s_{i+1}$ as the s.p. obtained by replacing $t$ with $u$ in $s_i$.

(b) Otherwise let $t_1, t_2$ be two new fresh variables. Then:

- Define $s_{i+1}$ as the s.p. obtained by adding $[t := t_1 \to t_2]$ at the beginning of $s_i$.

- Define $\Sigma_{i+1}$ by adding to $\Sigma_i$ two new entries for $t_1$ and $t_2$, and set:

$L(t_1) = \bigcup\{L_{\Sigma_i}(u_1) \mid u_1 \to u_2 \in U(t)\}$

$U(t_1) = \bigcup\{U_{\Sigma_i}(u_1) \mid u_1 \to u_2 \in L(t)\}$

$L(t_2) = \bigcup\{L_{\Sigma_i}(u_2) \mid u_1 \to u_2 \in L(t)\}$

$U(t_2) = \bigcup\{U_{\Sigma_i}(u_2) \mid u_1 \to u_2 \in U(t)\}$

(the argument position is contravariant: $u_1 \to u_2 \le t$ forces $t_1 \le u_1$, while $t \le u_1 \to u_2$ forces $u_1 \le t_1$).

3. Repeat step 2 until there are no more unmarked entries with both a lower and an upper set nonempty. Let $n$ be the last value of $i$. Return $(\Sigma_n, s_n)$.

Note that each new upper and lower set built in step 2(b) contains only expressions already occurring in $\Sigma$. Then there is only a finite number of possible upper and lower sets that can occur in the tables $\Sigma_i$. Owing to step 2(a) we get immediately the following termination property.

Lemma 3. The construction in Def. 6 always terminates.

It is also easy to verify by induction on $i$ that, in the construction of Definition 6, each $\Sigma_i$ is closed and consistent. More generally we have the following property.

Lemma 4. Let $\Sigma$ be a consistent closed table and let $\mathit{solve}(\Sigma) = (\Sigma', s)$. Then $\Sigma'$ is consistent and closed, and each of its solutions is also a solution of $\Sigma$.

We now get to the main result of this section. 

Proposition 1. Any consistent closed s-table $\Sigma$ has a solution.

Proof hint. Let $\mathit{solve}(\Sigma) = (\Sigma', s)$. By Lemma 4 it is enough to find a solution for $\Sigma'$. Let $S$ denote the subset of $\mathit{dom}(\Sigma')$ containing the variables having an empty upper or lower set. First define a ground substitution $\gamma_0$, having domain $S$, by

$\gamma_0(t) = \omega$ if $U(t) = \emptyset$,

$\gamma_0(t) = \bot$ if $L(t) = \emptyset$.

Now let $s = (e_n, \ldots, e_1)$ for some $n \ge 0$. Starting from $\sigma_0 = \gamma_0$ define a sequence of ground substitutions $\sigma_i$ for $0 \le i \le n$ in the following way. Let $e_{i+1} = [t_{i+1} := u \to v]$ and let $A = \sigma_i(u \to v)$. Then

- if $t_{i+1}$ does not occur in $A$ then take $\sigma_{i+1} = [t_{i+1} := A] \circ \sigma_i$;

- otherwise ($t_{i+1}$ occurs in $A$) take $\sigma_{i+1} = [t_{i+1} := \mu t_{i+1}.A] \circ \sigma_i$.

It is easy to see that $\sigma_n$ is indeed a ground substitution. Moreover $\sigma_n$ gives a solution of $\Sigma'$ and then of $\Sigma$. $\Box$

Corollary 1. A consistent table has a strong solution.
3.3 Finding a Solution Scheme

In Proposition 1, it is proved that a consistent table admits at least one ground solution. Actually we are rather interested, in the type inference procedure, in giving a readable characterization of a large set of solutions of a table, possibly all of them. Let us define a solution scheme for an s-table $\Sigma$ as a substitution $\sigma$ such that $\gamma \circ \sigma$ is a solution of $\Sigma$ for all ground substitutions $\gamma$.

In this subsection we define a simple algorithm that builds a solution scheme for a given table. The scheme that we obtain may fail to capture some solutions; these could be represented only at the cost of introducing more complex subtyping expressions.

In building a solution scheme for an s-table we first define a function collapse that "flattens" a table $\Sigma$ into a simpler one $\Sigma'$, preserving most of the solutions (but not all of them). From the flattened table $\Sigma'$ we can get in a rather standard way a solution scheme for $\Sigma$. In these steps, $\omega$-reductions are not considered, so we can describe our construction for simplified tables.

We first give some definitions. An entry for $t$ of a consistent simplified table $\Sigma$ is simple if either both $L(t)$ and $U(t)$ contain only basic types or $L(t) \cup U(t)$ contains only one expression (of the form $u \to v$). An entry is complex if it is not simple and $L(t) \cup U(t)$ contains at least two type expressions having $\to$ as type constructor and no basic types. In all other cases we say that the entry is easy. We have to be more precise about complex entries. A complex entry is L-complex if $U(t) = \emptyset$, U-complex if $L(t) = \emptyset$ and L-U-complex if both $U(t) \neq \emptyset$ and $L(t) \neq \emptyset$.



Definition 7. Let $\Sigma$ be a simplified table. Then $collapse(\Sigma)$ is a pair $(\Sigma', \rho)$ where $\Sigma'$ is an s-table and $\rho$ is a trivial substitution. The function collapse is defined by the steps given below. Also in this case the basic operation is to build a succession of s-tables $\Sigma_i$ and trivial substitutions $\rho_i$ ($i \ge 0$). During the construction, we assume that we are able to mark (and unmark) some entries of the considered tables. Take $\Sigma_0$ as $\Sigma$ in which all easy entries have been marked and $\rho_0$ as the empty substitution. Repeat the following steps until there are no more open non marked entries in $\Sigma_i$.

1. Take any non marked complex entry $(t, L_t, U_t)$ of $\Sigma_i$ and let

$L(t) \cup U(t) = \{u_k \to v_k \mid 1 \le k \le p\}$

for some $p \ge 1$.

2. Take two fresh variables $u$, $v$ and define the substitution

$\rho^* = [u_1 := u, \ldots, u_p := u, v_1 := v, \ldots, v_p := v]$. If some $u_i$ is $t$ itself then take $t$ instead of $u$, and similarly for $v$.

3. Add to $\Sigma_i$ two entries $(u, L(u), U(u))$, $(v, L(v), U(v))$ and set

- $L(u) = \bigcup \{L_{\Sigma_i}(u_k) \mid 1 \le k \le p\}$

- $U(u) = \bigcup \{U_{\Sigma_i}(u_k) \mid 1 \le k \le p\}$

- $L(v) = \bigcup \{L_{\Sigma_i}(v_k) \mid 1 \le k \le p\}$

- $U(v) = \bigcup \{U_{\Sigma_i}(v_k) \mid 1 \le k \le p\}$

4. Remove from $\Sigma_i$ all entries for the variables $u_i, v_i$ and compute $\Sigma' = closure(\rho^*(\Sigma_i))$. Keep in $\Sigma'$ the marking of $\Sigma_i$.

5. If $\Sigma'$ is consistent then mark the entry for $t$ and set $\Sigma_{i+1} = \Sigma'$ and $\rho_{i+1} = \rho^* \circ \rho_i$. Otherwise take $\Sigma_{i+1}$ as $\Sigma_i$ and mark the entry for $t$¹.

Let $n$ be the final value of $i$. Then return $(\Sigma_n, \rho_n)$.

Basically, the key step in procedure collapse consists in reading “transversally” the various expressions that occur in the lower and upper sets of a given entry for $t$, and mapping all the variables read this way to a single variable, that can in particular be $t$ itself.

The last step in the construction of the solution scheme for a table is the 
definition of a substitution. This construction is similar to that given in the 
proof of Proposition 1. 

Definition 8. Let $\Sigma$ be a consistent table and let $(\Sigma', \rho) = collapse(\Sigma)$. Let $t_1, \ldots, t_n$ be the variables corresponding to the entries of $\Sigma'$. The canonical substitution $\sigma_\Sigma$ associated to $\Sigma$ is defined by constructing, iteratively on $i$, a sequence of substitutions $\sigma_i$ ($0 \le i \le n$) in the following way.

Let $\sigma_0 = \rho$.

Given $\sigma_i$, let $(t_{i+1}, L_{i+1}, U_{i+1})$ ($0 \le i < n$) be the entry for $t_{i+1}$ in $\Sigma'$. Distinguish the following cases:

1. If $U_{i+1} = \emptyset$ and $L_{i+1}$ contains basic types admitting a l.u.b. $\kappa$, then define $\sigma_{i+1} = [t_{i+1} := \xi] \circ \sigma_i$, where $\xi = \omega$ if $L_{i+1}$ also contains arrow types, $\xi = \kappa$ otherwise.

2. Proceed similarly when $L_{i+1} = \emptyset$, replacing l.u.b. with g.l.b. and $\omega$ with $\bot$.

3. If $L_{i+1} \cup U_{i+1} = \{u_{i+1} \to v_{i+1}\}$, let $A = \sigma_i(u_{i+1} \to v_{i+1})$. Then:

- if $t_{i+1}$ does not occur in $A$ then set $\sigma_{i+1} = [t_{i+1} := A] \circ \sigma_i$;

- otherwise ($t_{i+1}$ occurs in $A$) set $\sigma_{i+1} = [t_{i+1} := \mu t_{i+1}.A] \circ \sigma_i$.

4. Otherwise (because of step 5. in Def. 7) exactly one of $L_{i+1}, U_{i+1}$ is empty, and there are at least two different arrow types in $L_{i+1} \cup U_{i+1}$. Then set $\sigma_{i+1} = [t_{i+1} := \xi] \circ \sigma_i$ where $\xi$ is $\bot$ if $L_{i+1} = \emptyset$ and $\omega$ if $U_{i+1} = \emptyset$.

Note that case 4. occurs when either $L_{i+1}$ or $U_{i+1}$ contains two arrow g.e. which cannot be unified without making the table inconsistent (see case 5. of Def. 7). In general, to get more informative types, we avoid the use of $\bot$ and $\omega$ whenever possible.

Lemma 5. Let $\Sigma$ be a consistent table. Then $\sigma_\Sigma$ is a solution scheme for $\Sigma$.

Remark 2. In some cases the solution scheme we get is the most general one. For instance if a simple table $\Sigma$ can be solved without use of subtyping and recursive types (i.e. using only simple types without subtyping) $\sigma_\Sigma$ characterizes all solutions of $\Sigma$.

¹ It can be shown that this is liable to happen only if the entry for $t$ in $\Sigma_i$ is L-complex or U-complex; indeed, the closure condition insures that if the entry for $t$ in $\Sigma_i$ is L-U-complex then $\Sigma'$ is consistent.
3.4 ω Reductions



In order to take into account the non-homogeneous nature of the type assignment system (the $\omega$ type has a somewhat particular behaviour), we equip the system with an $\omega$ reduction rule for tables, which corresponds to assigning type $\omega$ to some of its entries and simplifying the table accordingly. By choosing different variables we can reduce the table in different ways, so the $\omega$ reduction relation is not functional.

The reduction of tables is denoted by $\Sigma \Rightarrow_\omega \Sigma'$, where $\Sigma, \Sigma'$ are tables. We first define a function that represents an elementary reduction step.

Definition 9. If $\Sigma$ is a table and $t$ a variable occurring in some guards of $\Sigma$ such that $U_\Sigma(t)$ is empty (or contains only $\omega$), then $red_\omega(\Sigma, t)$ is the table obtained by applying to $\Sigma$ the following steps.

1. Eliminate from $\Sigma$ all the g.e.s that have an occurrence of $t$ in their guard.

2. Set both the upper and lower set of $t$ to $\{\omega\}$.

3. Apply the function closure to the resulting table.



The application of closure in step 3. is there to propagate $\omega$ in the table. The $\omega$ reduction relation for tables is defined by the following rules:

$$(\omega 1)\quad \Sigma \Rightarrow_\omega \Sigma \qquad\qquad (\omega\text{-}red)\quad \frac{\Sigma \Rightarrow_\omega \Sigma' \qquad t \in dom(\Sigma')}{\Sigma \Rightarrow_\omega red_\omega(\Sigma', t)}$$

Note in particular that the reduction step can be applied with any variable in $dom(\Sigma')$. The following is easily proved:

Lemma 6. Let $\Sigma \Rightarrow_\omega \Sigma'$. Then any strong solution of $\Sigma'$ is a solution of $\Sigma$.



4 Type Inference 

4.1 Operators on Tables 

We will need in the following a couple of operators to handle tables.

Definition 10. (i) If $\Sigma_1$ and $\Sigma_2$ are two (closed) tables, then $\Sigma_1 \uplus \Sigma_2$ is the table defined by merging them and applying closure.

(ii) If $g$ is an elementary g.c. and $\Sigma$ is a table, then $addtable(\Sigma, g)$ is the table obtained from $\Sigma$ by adding the constraints in $g$ and applying closure to the resulting table.

Definition 11. If $\Sigma$ is a table and $w$ a guard, then $w \triangleright \Sigma$ is the table obtained by replacing the guard $w'$ of each g.e. occurring in the L and U sets of $\Sigma$ by $w \triangleright w'$.

Let $\Sigma$ be a table and $V$ a set of type variables. The function simplify extracts from a table $\Sigma$ the subpart of it which is relevant for finding the solution relative to the variables in $V$. In particular

$simplify(\Sigma, V)$

is the table $\Sigma'$ obtained from the empty table through the following steps:

1. Put in $\Sigma'$ all the entries for variables in $V$.

2. Add to $\Sigma'$ all the entries of variables which occur in the upper or lower sets of variables already in $\Sigma'$.

3. Repeat step 2. until no other entry can be added to $\Sigma'$.

It is easy to see that if $\Sigma$ is a closed table, so is $simplify(\Sigma, V)$ as well. Moreover, the basic property of $simplify(\_, \_)$ is the following.

Lemma 7. Let $\Sigma' = simplify(\Sigma, V)$. Then any solution of $\Sigma'$ can be extended to a solution of $\Sigma$.
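The two table operations above, simplify (steps 1 to 3) and the first two steps of red_ω (Definition 9), as an added example in Python; this is not the paper's own implementation (the authors' tool at the ens-lyon address in Appendix A is separate). A table is a dictionary from a type variable to its L and U sets of guarded expressions; the sample table is the one printed for the term M in Appendix A. Two assumptions are made explicit in the code: simplify follows only the type variables occurring in the expressions of L and U sets, not the variables in guards, and the closure step of red_ω is omitted because closure is not defined on this page.

```python
import re
from dataclasses import dataclass, field

OMEGA = "omega"   # the type omega, written as a plain token in this example

@dataclass
class Entry:
    """One row t | L(t) | U(t): lower and upper sets of guarded expressions."""
    L: set = field(default_factory=set)
    U: set = field(default_factory=set)

def ge(guard, expr):
    """Guarded expression: the guard lists the term-position variables,
    expr is a type expression such as 'b->h' or 'INT'."""
    return (tuple(guard), expr)

def type_vars(expr):
    """Type variables occurring in a type expression: lowercase identifiers,
    excluding the constant omega (basic types such as INT are uppercase)."""
    return {v for v in re.findall(r"[a-z]\w*", expr) if v != OMEGA}

def simplify(table, V):
    """simplify(Sigma, V): keep the entries for V and, repeatedly, the entries of
    every variable occurring in an L or U set already kept (steps 1-3 above).
    Assumption: guards are not followed, only the type expressions themselves."""
    keep, work = {}, list(V)
    while work:
        t = work.pop()
        if t in keep or t not in table:
            continue
        keep[t] = Entry(set(table[t].L), set(table[t].U))
        for _guard, expr in table[t].L | table[t].U:
            work.extend(v for v in type_vars(expr) if v not in keep)
    return keep

def red_omega(table, t):
    """red_omega(Sigma, t), steps 1 and 2 of Definition 9: drop every guarded
    expression whose guard mentions t, then set L(t) = U(t) = {omega}.
    Step 3 (closure) is not reproduced: closure is not defined on this page."""
    if any(expr != OMEGA for _g, expr in table[t].U):
        raise ValueError(f"U({t}) must be empty or {{omega}} before omega-reduction")
    new = {v: Entry({g for g in e.L if t not in g[0]},
                    {g for g in e.U if t not in g[0]})
           for v, e in table.items()}
    new[t] = Entry({ge([], OMEGA)}, {ge([], OMEGA)})
    return new

# Constructed sample: the table for M := \x y. ((y (x 3)) (x x)) from Appendix A.
TABLE_M = {
    "i": Entry(L={ge("i", "b->h")}),
    "h": Entry(L={ge("ih", "a->g")}),
    "g": Entry(),
    "f": Entry(),
    "e": Entry(U={ge("ihg", "f->g")}),
    "d": Entry(),
    "c": Entry(L={ge("ihged", "INT")}),
    "b": Entry(U={ge("ihgf", "b->f"), ge("ihged", "c->d")}),
    "a": Entry(U={ge("ihge", "d->e")}),
}

if __name__ == "__main__":
    print(sorted(simplify(TABLE_M, {"a"})))   # the entries relevant to y's type: a, d, e, f, g
    print(sorted(simplify(TABLE_M, {"b"})))   # the entries relevant to x's type: b, c, d, f
    reduced = red_omega(TABLE_M, "g")
    print(reduced["g"], reduced["b"])         # every g.e. guarded by g disappears from b's U set
```

Reducing on g illustrates why the paper wants ω-reductions kept local: every guarded expression whose guard contains g is erased, so the upper bounds of b, c, e and a all vanish at once, leaving far less typing information than before.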

4.2 From Terms to Tables

The inference procedure we define in this section will yield, for each term $M$ defined inside a set $D$ of CuCh definitions, a characterization of all possible typings of $M$ in $D$ with respect to the system of Fig. 2. In our approach this characterization will be given by a set of consistent tables, whose solutions characterize in a complete way all possible typings of $M$.

Our type inference method is defined by a set of rules in Natural Semantics through a judgment of the form

$A \vdash_{TI} M \Rightarrow \Gamma \mid t \mid \Sigma$

where $M$ is a term, $t$ is a type variable representing the type of $M$, $\Gamma$ a typing context and $\Sigma$ a consistent table. The context $A$ is a finite function mapping identifiers $x$ (used in CuCh definitions) to pairs of the shape $(t, \Sigma)$ where $t$ is a variable and $\Sigma$ a table representing the constraints that characterize the type of $x$. The intuitive meaning of this judgment is that, typing $M$ starting from $A$, we get a context $\Gamma$ and a table $\Sigma$ which characterizes the typings of $M$, whose type is associated to the variable $t$. The definition of the judgment $\vdash_{TI}$ involves the application of the $\omega$ reduction relation in a nondeterministic way. This is essential to have a complete inference procedure. We will define later a heuristic to avoid nondeterminism and produce a more practical typing procedure. Indeed the cases in which the use of nondeterministic reduction is needed seem to occur rarely.

Type inference for definitions is based on a judgement of the shape

$\vdash_{DI} D \Rightarrow A$,

where $D$ is a sequence of CuCh definitions and $A$ characterizes the generated type environment. Informally, tables will be brought along in the computation and progressively updated as we get new information about the term, thus providing the incrementality of our approach.

In the inference rules $\Gamma$ ranges over sets of statements of the shape $x : t$ where $x$ is a term variable and $t$ a type variable. We define an auxiliary function on contexts, called merge, to merge the assignment contexts. In particular

$merge(\Gamma_1, \Gamma_2) = \langle \Gamma, \rho \rangle$,

where $\rho$ is the trivial substitution (only a variable renaming) that identifies all (and only) the type variables which are predicates of the same term variable in $\Gamma_1$ and $\Gamma_2$, and $\Gamma = \rho(\Gamma_1) \cup \rho(\Gamma_2)$. We shall use merge (which is associative) also with more than two arguments.



Canonical tables For each constant $c$ of the language, we shall assume that we have a (closed and consistent) canonical table $\Sigma^{can}(c)$, representing the type constraints that characterize the typings of $c$. The root variable of $\Sigma^{can}(c)$ is the variable representing the type of $c$. For example $\Sigma^{can}(n)$, where $n$ is any integer, is given by²:

t | t : int |

whose root variable is $t$, while $\Sigma^{can}(succ)$, where $succ$ is the integer successor function, is given by:

t | t : u→v  |
u |          | t : int
v | t : int  |

The description of canonical tables we give does not tell how such tables are built — although we hope that an intuition can be found in the examples above. For the moment, we rely on an assumption that such tables “have the right shape”; the treatment of datatypes described in Sec. 5 will provide precise definitions. The type inference procedure for terms and definitions is formalized in Fig. 3 as a set of natural semantics rules.

Rule $(Tapp)$ is the only case in which we can reduce the size of the table by applying simplify. The type inference relation is non-deterministic owing to the possibility of $\omega$-reducing $\Sigma$ in rule $(Tapp)$. This corresponds to the possibility of applying a $(\omega)$ rule to different subterms of a given term. The different tables produced by an $\omega$-reduction of $\Sigma$ can have incomparable sets of solutions. So if one sees the table produced by the type inference procedure as a kind of “principal” type, we could say that a term has in general a finite set of principal types.

Let now $\vdash^-_{TI}$ and $\vdash^-_{DI}$ denote derivability in the system obtained from the one in Fig. 3 by eliminating in rule $(Tapp)$ the possibility of using $(\omega)$-reduction to get a consistent table. Note that in this system type inference is deterministic and the table resulting from the analysis of a program is unique.

The following theorem states (in a somewhat simplified form to make it more readable) the soundness and completeness of the inference procedure with respect to the rules of Fig. 2.



Theorem 4. (i) Let $D$ be a list of CuCh definitions and $M$ a term and let

$\vdash_{DI} D \Rightarrow A$ and $A \vdash_{TI} M \Rightarrow \Gamma \mid t \mid \Sigma$

for some $A$, $\Gamma$ and $\Sigma$. Then there is a type environment $\Delta$ such that for all ground substitutions $\gamma$ solving $\Sigma$ we have

$\vdash_{def} D \Rightarrow \Delta$ and $\Delta, \gamma(\Gamma) \vdash M : \gamma(t)$.

Conversely, for all ground $\Gamma'$ and $T'$ such that for some type environment $\Delta$

$\vdash_{def} D \Rightarrow \Delta$ and $\Delta, \Gamma' \vdash M : T'$,

there is a ground substitution $\gamma'$ solving $\Sigma$ and such that $\Gamma' = \gamma'(\Gamma)$ and $T' = \gamma'(t)$.

(ii) The same property holds by replacing $\vdash^-$ with $\vdash$, i.e. type inference without $\omega$-reduction corresponds to deductions not using the $(\omega)$ rule.

² A table is represented by a column of entries, where an entry for a variable $t$ is represented by $t \mid L(t) \mid U(t)$.

Fig. 3. Type inference procedure

(Tvar1)  $A \vdash_{TI} x \Rightarrow \{x : t\} \mid t \mid \emptyset$  (if $x \notin dom(A)$), where $t$ is a fresh variable

(Tvar2)  $A \vdash_{TI} x \Rightarrow \emptyset \mid t \mid \Sigma$  (if $x : (t_0, \Sigma_0) \in A$), where $(t, \Sigma) = new(A(x))$

(Tconst)  $A \vdash_{TI} c \Rightarrow \emptyset \mid t \mid new(\Sigma^{can}(c))$, where $t$ is the root variable of $new(\Sigma^{can}(c))$

(Tλ)  $\dfrac{A \vdash_{TI} M \Rightarrow \Gamma, x : u \mid v \mid \Sigma}{A \vdash_{TI} \lambda x.M \Rightarrow \Gamma \mid t \mid addtable(t \triangleright \Sigma, \{t :_G (u \to v \le t)\})}$, where $t$ is a fresh variable

(Tapp)  $\dfrac{A \vdash_{TI} M \Rightarrow \Gamma_1 \mid u \mid \Sigma_1 \qquad A \vdash_{TI} N \Rightarrow \Gamma_2 \mid w \mid \Sigma_2}{A \vdash_{TI} M\,N \Rightarrow \rho(\Gamma) \mid t \mid simplify(\Sigma', t)}$

where $t$ is a fresh variable, $\langle \Gamma, \rho \rangle = merge(\Gamma_1, \Gamma_2)$,
$\Sigma = addtable(\rho(\Sigma_1) \uplus \rho(\Sigma_2), \{t :_G (\rho(u) \le \rho(w) \to t)\})$,
$t \triangleright \Sigma \Rightarrow_\omega \Sigma'$, and $\Sigma'$ is consistent

(D0)  $\vdash_{DI} \emptyset \Rightarrow \emptyset$

(Dmore)  $\dfrac{\vdash_{DI} D \Rightarrow A \qquad A, I : (t, \Sigma) \vdash_{TI} M \Rightarrow \emptyset \mid u \mid \Sigma}{\vdash_{DI} D, I := M \Rightarrow A, I : (t, closure([u := t]\Sigma))}$

The typechecking procedure defined in Fig. 3 keeps the whole table as an internal representation of the typing of a term. The table is indeed the only way of representing the “most general” typing. Taking the canonical substitution for a table defined in Sec. 3.3 we can give, however, a readable representation of the typing of a term. As remarked in Sec. 3.3 this implies a possible loss of information, but only at the level of the interface with the user.

Lemma 8. Let $\vdash_{DI} D \Rightarrow A$ and $A \vdash_{TI} M \Rightarrow \Gamma \mid t \mid \Sigma$. Then there is a typing context $\Delta$ such that $\vdash_{def} D \Rightarrow \Delta$ and $\Delta, \sigma_\Sigma(\Gamma) \vdash M : \sigma_\Sigma(t)$.

Remark 3. There are interesting cases in which the typing scheme determined by a canonical substitution is complete. For example, by Remark 2, this happens when a term has a type in the standard ML type system (without subtyping). In this case we get the very type scheme produced by the ML typechecker.

4.3 A Heuristic to Handle ω Reductions

The type checking relation defined in subsection 4.2 is not deterministic, due to the presence of $\omega$-reductions, but we are interested in turning it into a deterministic process, in order to get a reasonably efficient implementation of type inference. Of course, we do this at the cost of losing the completeness of the inference procedure.

We present here the basic intuitions behind a heuristic to transform a (closed) table that is not consistent into a consistent one. We have then to apply the $\omega$ reduction relation to eliminate the constraints on variables with respect to which the table is not consistent. This actually means simulating an application of rule $(\omega)$ to the subterms for which we are not able to find a meaningful type.

Since we want to preserve as much information as possible, our strategy is to try to apply rule $(\omega)$ starting from the inner subterms. To do this, we exploit the notion of guard. We rely on the assumption that guards are kept topologically sorted w.r.t. the inclusion of the corresponding subterms when building the table, so that we can easily have access to an innermost guard in the sense of the subterm relation. The heuristic annihilates those entries in U and L sets that cause inconsistency by triggering their corresponding innermost guard. Moreover, when doing this, we choose if possible to perform $\omega$-reduction on variables having an empty U set. Indeed, setting a type variable $v$ to $\omega$ has the effect of “pushing” to $\omega$ every type possibly occurring in the U set of $v$, and we want to keep the effect of $\omega$-reductions as local as possible in order to keep meaningful typing information.

The precise design of our heuristic involves some choices at several steps, in particular when selecting the constraint we eliminate, and the guard we trigger (when several type variables may apply). We have been experimenting with our tool in order to understand these tuning issues, but we do not have enough insight to explicitly choose a deterministic way to perform $\omega$-reductions. For this reason, we have decided to keep the explanations about our heuristics informal, and just sketch here the main ideas.

5 Adding User-Defined Datatypes 

In this section, we show how our framework for type inference can be adapted 
to a richer language allowing the user to define his own datatypes. 

Introducing datatypes The syntax we adopt for datatype definitions is as follows:

DType $D[X_1, \ldots, X_k]$ is $c_1 : arg[T^1_1; \ldots; T^1_{m_1}], \ldots, c_n : arg[T^n_1; \ldots; T^n_{m_n}]$,

where the $X_i$'s are the parameters of the datatype and each $T^i_j$ is either a parameter $X_l$ or another datatype (possibly $D$ itself) having the shape $T^i_j[X_1, \ldots, X_k]$.

The definition above reads “$D$ is a datatype that has $n$ constructors and $k$ parameters $X_1, \ldots, X_k$; each constructor $c_i$, for $1 \le i \le n$, has type

$T^i_1 \to \ldots \to T^i_{m_i} \to D[X_1, \ldots, X_k]$

where the $T^i_j$'s are either parameters or datatypes”. Note that nested arrow types are not allowed in the definition of constructors.

Example: In this framework, the declaration of the datatype List would be:

DType List[X] is Nil : arg[], Cons : arg[X; List[X]]



CuCh Definitions Having introduced datatypes, we can enrich the shape of definitions and take into account declarations of the following form:

$f\ (x_1 \ldots x_{m_i}) = e$.

$e$ is an expression possibly containing occurrences of the $x_i$'s and $f$. Such definitions are used as an alternative to the case construct (a case-like definition can easily be translated into a set of recursive equations). Taking into account this kind of definition in the typing and type inference rules then requires enriching locally the typing context with hypotheses for the $x_i$'s. This extension is quite natural but would require some more work on the technical details of the system, which are left out of this presentation.

Structural subtyping In the extended framework of this section, we obtain a richer notion of structural subtyping on datatypes. This relation, written $D \sqsubseteq D'$, means that datatype $D$ is “structurally smaller” than $D'$. Fig. 4 gives the corresponding rules.

Fig. 4. Structural subtyping relation

Let us make a few comments about the definition of $\sqsubseteq$. It has first to be noted that one can always suppose that both datatypes have the same number of parameters, some of them possibly being unused in the smaller type. Moreover, as the context of typing assumptions is empty in $T^i_l \le T'^i_l$ (rule $(\sqsubseteq c)$), this condition means that either $T^i_l$ and $T'^i_l$ are comparable datatypes, or they represent the same type variable. Rule $(Sd)$ makes the link with the rules of Fig. 1, by allowing one to inject $\sqsubseteq$ into $\le$.

Examples: let us illustrate the meaning of relation $\sqsubseteq$ on two examples.

(i) — consider the datatypes of booleans and tri-valued tags, defined as follows:

DType Bool is true : arg[], false : arg[] ;

DType Bool' is true : arg[], false : arg[], unknown : arg[] .

It holds that Bool $\sqsubseteq$ Bool', because Bool' has two constructors in common with Bool, and one extra constructor (no parameter is involved here).

(ii) — suppose now we want to tag a term (of any type) with an element of Bool or of Bool'; this would lead to the following definitions:

DType Tagged[X] is c : arg[X, Bool];

DType Tagged'[X] is c : arg[X, Bool'] .

We can derive Tagged $\sqsubseteq$ Tagged': indeed, they have the same number of parameters and we can derive both subtyping judgments $X \le X$ and Bool $\le$ Bool' for their first and second argument respectively.
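A parser for the DType declaration syntax introduced above, together with the constructor types it induces and a structural-subtyping check over the two examples, as an added Python example; it is not code from the paper or from the authors' tool. The rules of Fig. 4 are not reproduced on this page, so `structural_subtype` is an assumption reconstructed from the prose and the two examples: every constructor of D must exist in D' with the same number of arguments, and arguments are compared pairwise (the same type variable, or datatypes compared recursively); recursive datatypes such as List are handled coinductively by assuming the pair under examination. Both `;` and `,` are accepted as argument separators, since the page uses both.

```python
import re

class DType:
    """A declaration DType D[X1,...,Xk] is c1 : arg[...], ..., cn : arg[...]."""
    def __init__(self, name, params, constructors):
        self.name, self.params, self.constructors = name, params, constructors

def split_top(s, seps=",;"):
    """Split on separators that are not nested inside [...]."""
    parts, depth, cur = [], 0, ""
    for ch in s:
        depth += (ch == "[") - (ch == "]")
        if ch in seps and depth == 0:
            parts.append(cur.strip()); cur = ""
        else:
            cur += ch
    if cur.strip():
        parts.append(cur.strip())
    return parts

def parse_type(s, params):
    """A parameter Xj -> ('var', 'Xj'); a datatype T[X1,...] -> ('data', 'T', [args])."""
    s = s.strip()
    if "->" in s:   # the page forbids nested arrow types in constructor arguments
        raise ValueError("nested arrow types are not allowed in constructor arguments")
    m = re.fullmatch(r"([\w']+)(?:\[(.*)\])?", s)
    if not m:
        raise ValueError(f"bad type: {s!r}")
    name, args = m.group(1), split_top(m.group(2)) if m.group(2) else []
    if name in params and not args:
        return ("var", name)
    return ("data", name, [parse_type(a, params) for a in args])

def parse_dtype(decl):
    m = re.fullmatch(r"\s*DType\s+([\w']+)(?:\[([^\]]*)\])?\s+is\s+(.*?)\s*;?\s*", decl, re.S)
    if not m:
        raise ValueError(f"bad declaration: {decl!r}")
    name = m.group(1)
    params = [p.strip() for p in (m.group(2) or "").split(",") if p.strip()]
    constructors = {}
    for item in split_top(m.group(3), ","):
        cname, body = (x.strip() for x in item.split(":", 1))
        inner = re.fullmatch(r"arg\[(.*)\]", body).group(1)
        constructors[cname] = [parse_type(t, params) for t in split_top(inner)]
    return DType(name, params, constructors)

def show(t):
    if t[0] == "var":
        return t[1]
    return t[1] + ("[" + ",".join(show(a) for a in t[2]) + "]" if t[2] else "")

def constructor_type(dt, c):
    """c_i : T_1 -> ... -> T_m -> D[X1,...,Xk], as the page reads the declaration."""
    result = ("data", dt.name, [("var", p) for p in dt.params])
    return " -> ".join(show(t) for t in dt.constructors[c] + [result])

def structural_subtype(env, d1, d2, assumed=frozenset()):
    """D sqsubseteq D'. Assumption: reconstructed from the page's examples, since Fig. 4
    is not reproduced; recursive datatypes are handled coinductively via `assumed`."""
    if (d1, d2) in assumed:
        return True
    assumed = assumed | {(d1, d2)}
    D, D2 = env[d1], env[d2]
    for c, args in D.constructors.items():
        if c not in D2.constructors or len(args) != len(D2.constructors[c]):
            return False
        if not all(type_le(env, t, t2, assumed) for t, t2 in zip(args, D2.constructors[c])):
            return False
    return True

def type_le(env, t, t2, assumed):
    """Argument comparison: the same type variable, or comparable datatypes."""
    if t[0] == "var" and t2[0] == "var":
        return t[1] == t2[1]
    if t[0] == "data" and t2[0] == "data":
        return (structural_subtype(env, t[1], t2[1], assumed)
                and len(t[2]) == len(t2[2])
                and all(type_le(env, a, b, assumed) for a, b in zip(t[2], t2[2])))
    return False

# Declarations taken from the page (the primes are kept as part of the names).
DECLS = [
    "DType List[X] is Nil : arg[], Cons : arg[X; List[X]]",
    "DType Bool is true : arg[], false : arg[]",
    "DType Bool' is true : arg[], false : arg[], unknown : arg[]",
    "DType Tagged[X] is c : arg[X, Bool]",
    "DType Tagged'[X] is c : arg[X, Bool']",
]
ENV = {dt.name: dt for dt in map(parse_dtype, DECLS)}

if __name__ == "__main__":
    print(constructor_type(ENV["List"], "Cons"))          # X -> List[X] -> List[X]
    print(structural_subtype(ENV, "Bool", "Bool'"))       # True
    print(structural_subtype(ENV, "Tagged'", "Tagged"))   # False
```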

Remark 4 (Real numbers). The framework we have introduced does not make 
it possible to introduce a datatype real for real numbers, as presented in Sec. 2. 
However, there is a priori no difficulty in mixing the approach we have adopted 
until this section with the introduction of user-defined datatypes, and keep an 
axiomatical presentation of real numbers, together with the base rule int < real. 

Canonical tables We now explain how to construct canonical tables, as used in 
subsection 4.2, for datatype constructors. 

Definition 12 (Canonical table for datatype constructors).

Consider a datatype $D$, with its parameters $X_1, \ldots, X_k$. Recall that a datatype constructor $c_i$ (we shall abbreviate it simply to $c$) is defined by $arg[L]$, where $L = T_1, \ldots, T_m$. We now define a function returning a pair $(\Sigma^{can}(c), t)$ where $\Sigma^{can}(c)$ is the canonical table associated to constructor $c$ and $t$ is the corresponding root (type) variable.

Let $u_1, \ldots, u_k$ be fresh variables, we let $\alpha = \{X_1 := u_1, \ldots, X_k := u_k\}$, and define $\Sigma^{param}$ as the table consisting in the $k$ rows of the form $u_j \mid \emptyset \mid \emptyset$, $1 \le j \le k$.

The result is then defined by recursion over the list $L$ of “arguments” of $c$:

— if $L = []$, take a fresh variable $v$, and

return $(addtable(\Sigma^{param}, \{v :_G (D[u_1, \ldots, u_k] \le v)\}), v)$;

— if $L = T_1, \ldots, T_m$, compute the canonical table for $T_2, \ldots, T_m$, yielding $(\Sigma, t)$. Then distinguish two cases, according to the shape of $T_1$:

• if $T_1$ is $X_p$ for some $p$, then let $v$ be a fresh variable;
return $(addtable(v \triangleright \Sigma, \{v :_G (u_p \to t \le v)\}), v)$;

• otherwise, let $T_1 = D'[X_1, \ldots, X_k]$ and let $v$ and $v'$ be two fresh variables;
return $(addtable(v' \triangleright \Sigma, \{v' :_G (v \to t \le v'),\ [v'] :_G (v \le D'[X_1, \ldots, X_k])\}), v')$.

Note that by definition, $\Sigma^{can}(c)$ is already closed and consistent (consistency is insured by the fact that there is no application).

To make explicit the dependency on type variables, we can adopt the notation $\Sigma^{can}(c)[u_1, \ldots, u_k, v_1, \ldots, v_m]$, $t$ being the root variable of $\Sigma^{can}(c)$ and $v_1, \ldots, v_m$ the type variables introduced during the analysis of $L$ described above.

Example: consider the list constructor cons, of type $X \to list[X] \to list[X]$; its associated canonical table is

u1 |                      |
t  | t : (u1→v1)          |
v1 | t, v1 : (t2→v2)      |
t2 |                      | t, v1, v2 : list[u1]
v2 | t, v1, t2 : list[u1] |

Note that variables $t_1$ and $u_1$ collapsed, and we only keep $u_1$. Here are the scopes of the type variables (figure: underbraces labelled $v_1$ and $v_2$ over cons : $X \to list[X] \to list[X]$):

$D = list[X]$, $u_1 = X$.



The canonical tables we build can then be inserted in the type inference frame- 
work according to rule (Tconst) of Fig. 3. 
A A Detailed Example

We illustrate the way our procedure works on an example, that shows the building of the table and the treatment of what would be considered as typing errors in a classical setting. This example is studied with an implementation of the algorithms we have described — the source code is available at
http://www.ens-lyon.fr/~hirschko/typetables.

The user of our system introduces definitions of terms, and the system answers by showing the corresponding table being constructed, and its evolution (as the closure function is applied). The initial environment contains several constants, such as elements of types bool, int, real, lists, and a few constant functions of types $int \to bool$, $int \to int$, etc.

For the moment, we only have the implementation of the type inference 
procedure (table construction), and of the closure function. The generation of 
solutions and the heuristic to resolve inconsistencies are in beta version, and we 
leave their discussion to a later presentation of this work. 

We shall start with the definition

M := \x y. ((y (x 3)) (x x))

By using x both in an auto-application and as a function on integers, we force a typing conflict in the table that is generated (not leading to an inconsistency, though). The type inference procedure yields the following table:

< i | {[i]. b->h} | {} >
< h | {[i;h]. a->g} | {} >
< g | {} | {} >
< f | {} | {} >
< e | {} | {[i;h;g]. f->g} >
< d | {} | {} >
< c | {[i;h;g;e;d]. INT} | {} >
< b | {} | {[i;h;g;f]. b->f ; [i;h;g;e;d]. c->d} >
< a | {} | {[i;h;g;e]. d->e} >

Each line corresponds to a row in the table, and for each row, we successively give the corresponding type variable, and its sets L and U. For example, we can see that type variable a has an empty L set, and has the guarded expression $[i;h;g;e] : d \to e$ in its U set. The system also gives some extra information:

Current context is: M:i 

To help debugging, here are the "old" variable assumptions 
x:b / y:a 

This means that during type inference term variables x and y have been associated to type variables b and a respectively. Using this information, we can reconstruct the structure of the term, by establishing a correspondence between the type variables and every subterm of the term M, as follows (figure): the term $\lambda x^{b}.\lambda y^{a}.\,(y\,(x\,3))\,(x\,x)$ annotated with its type variables, where the whole term has type $i$ and the inner abstraction $\lambda y.\ldots$ has type $h$.

To compute this decoration, we reason like this: $y\,(x\,3)$ being of type $e$, we read in the row corresponding to $e$ that $e$ is less than $f \to g$ (omitting the guards); as $(x\,x)$ is of type $f$, we obtain that $(y\,(x\,3))\,(x\,x)$ is of type $g$. We can also read the following type constraints:

$b \le b \to f$, $b \le c \to d$, $c \ge INT$.

The cyclic constraint on $b$ comes from the auto-application of x, and the application of x to 3 generates the two other inequalities. The system then applies the closure rules; the previous table being already closed, it remains unchanged in this case. The conflicts coming from the “non-standard” use of x in M are not well visible on the table above. The type scheme for M produced by applying the canonical substitution defined in Sec. 3.3 would be $\bot \to (d \to f \to g) \to g$. This looks certainly strange but is obtained without using any $(\omega)$ reduction. To meet real inconsistencies we need to go further in our session.
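A parser for the table dump printed by the session above, as an added Python example that is not part of the paper or of the authors' tool. It reads rows of the form `< t | {L} | {U} >` (with the optional leading `*` that marks conflicting rows later in the session), recovers the guarded expressions, flattens a table into the inequalities the paragraph reads off by hand (an expression in L(t) is below t, one in U(t) above it), and classifies a row the way the appendix explains: an arrow type and INT in the same entry are an "apparent" conflict that stays consistent while the upper set is empty, and become unsatisfiable once they sit on opposite sides. That classification is an assumption, a simplified reading of the appendix rather than the paper's consistency definition. The sample rows are copied from the page.

```python
import re

# Constructed sample: the table printed for M in Appendix A (rows copied from the page).
SESSION_M = """
< i | {[i]. b->h} | {} >
< h | {[i;h]. a->g} | {} >
< g | {} | {} >
< f | {} | {} >
< e | {} | {[i;h;g]. f->g} >
< d | {} | {} >
< c | {[i;h;g;e;d]. INT} | {} >
< b | {} | {[i;h;g;f]. b->f ; [i;h;g;e;d]. c->d} >
< a | {} | {[i;h;g;e]. d->e} >
"""

ROW = re.compile(r"^(\*?)\s*<\s*(\w+)\s*\|\s*\{(.*?)\}\s*\|\s*\{(.*?)\}\s*>$")
GE = re.compile(r"\[([^\]]*)\]\s*\.\s*([^\s;]+)")   # "[i;h;g]. f->g"

def parse_set(text):
    """'[i;h;g;f]. b->f ; [i;h;g;e;d]. c->d' -> [(('i','h','g','f'), 'b->f'), ...]"""
    return [(tuple(v for v in guard.split(";") if v), expr) for guard, expr in GE.findall(text)]

def parse_table(text):
    """Parse the dump into {var: {'L': [...], 'U': [...], 'starred': bool}}."""
    table = {}
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unrecognized row: {line!r}")
        star, var, lower, upper = m.groups()
        table[var] = {"L": parse_set(lower), "U": parse_set(upper), "starred": star == "*"}
    return table

def constraints(table):
    """Flatten a table into (smaller, larger) pairs, guards omitted:
    e in L(t) means e <= t, e in U(t) means t <= e."""
    pairs = set()
    for var, entry in table.items():
        pairs |= {(expr, var) for _g, expr in entry["L"]}
        pairs |= {(var, expr) for _g, expr in entry["U"]}
    return sorted(pairs)

def kind(expr):
    return "arrow" if "->" in expr else "basic" if expr.isupper() else "var"

def conflict_kind(entry):
    """Assumption (simplified reading of the appendix): an arrow type and a basic type
    in one entry are an apparent conflict; the entry is unsatisfiable only when the two
    kinds sit on opposite sides, e.g. an arrow below t and INT above it."""
    lower = {kind(e) for _g, e in entry["L"]}
    upper = {kind(e) for _g, e in entry["U"]}
    kinds = lower | upper
    if "arrow" in kinds and "basic" in kinds:
        if ("arrow" in lower and "basic" in upper) or ("basic" in lower and "arrow" in upper):
            return "inconsistent"
        return "apparent"
    return None

# Two further rows from the page: a starred row of N's table and the entry of (S P).
ROW_J = "* < j | {[l;i;h;g;f;k]. j->j ; [l;i;h;g;e;d;k]. INT} | {} >"
ROW_T = "<t | {[v;u;t;o;s;j;h;i]. m->m ; [v;u;t;o;s;j;h;i;g]. INT} | {[v;u;c;a]. INT}>"

if __name__ == "__main__":
    table = parse_table(SESSION_M)
    print(constraints(table))   # includes ('b','b->f'), ('b','c->d'), ('INT','c')
    print(conflict_kind(parse_table(ROW_J)["j"]), conflict_kind(parse_table(ROW_T)["t"]))
```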

Let us now define

N := (M \z.z)

After the application of the closure operation we get for N the following:

The closed table is :

< l | {[l;i;h]. a->g} | {} >
< k | {[l;^. | {[l;i;h;g;f]. b->f ; [l;i;h;g;e;d]. c->d} >
* < j | {[l;i;h;g;f;k]. j->j ; [l;i;h;g;e;d;k]. INT} | {} >
< i | {[l;i]. b->h} | {[l]. k->l} >
< h | {[l;i;h]. a->g} | {} >
< g | {} | {} >
* < f | {[l;i;k;h;g;f]. j->j ; [l;i;k;h;g;f;e;d]. INT} | {} >
< e | {} | {[l;i;h;g]. f->g} >
* < d | {[l;i;k;h;g;e;d;f]. j->j ; [l;k;i;h;g;e;d]. INT} | {} >
< c | {[l;i;h;g;e;d]. INT} | {} >
< b | {[l;i;k]. j->j} | {[l;i;h;g;f]. b->f ; [l;i;h;g;e;d]. c->d} >
< a | {} | {[l;i;h;g;e]. d->e} >

A star indicates the rows where a conflict is apparent (between an arrow type and the datatype INT): this is the case for type variables d, f and j (that intuitively correspond to the points where the two different typings for x “meet”). However, the resulting table is still consistent, since the upper set is empty for these entries (which means that we can still use rule $(S\omega)$). The type scheme for N that we get from the canonical substitution is now $(\omega \to \omega \to g) \to g$. Note how this type, although meaningful, does not fully represent all the information contained in the tables.

Let us now define:

P := (N (\u v.v))

we obtain a table which, after closure, indicates a root type variable q for the whole term whose corresponding entry is

<q | {[r;q;l;p;g;e;f]. j->j ; [r;q;l;p;g;e;f;d]. INT} | {}>

the table is still consistent but to solve it we are forced to take $q = \omega$. This is meaningful since this type is obtained without using the $\omega$ reduction (i.e. in the system $\vdash^-$), and this guarantees that the term can be reduced without encountering bad applications.

Indeed the right type for P would be int. But if we try now to typecheck the expression:

(S P)

where S is the constant for the successor function of type $int \to int$ we get an inconsistent table containing entries like this:

<t | {[v;u;t;o;s;j;h;i]. m->m; [v;u;t;o;s;j;h;i;g]. INT} | {[v;u;c;a]. INT}>

However with an $\omega$ reduction we are still able to infer the correct type int for (S P).
Abstract The aim of this paper is to study the notion of separability in the call-by-value setting.

Separability is the key notion used in the Böhm Theorem, proving that syntactically different $\beta\eta$-normal forms are separable in the classical $\lambda$-calculus endowed with $\beta$-reduction, i.e. in the call-by-name setting.

In the case of call-by-value $\lambda$-calculus endowed with $\beta_v$-reduction and $\eta_v$-reduction (see Plotkin [7]), it turns out that two syntactically different $\beta\eta$-normal forms are separable too, while the notion of $\beta_v$-normal form and $\eta_v$-normal form is semantically meaningful.

An explicit representation of Kleene's recursive functions is presented. The separability result guarantees that the representation makes sense in every consistent theory of call-by-value, i.e. theories in which not all terms are equal.



1 Introduction 

The call-by-value $\lambda$-calculus ($\lambda\beta_v$-calculus) and the operational machine for its evaluation have been introduced by Plotkin [7], inspired by the seminal work of Landin [4] on the language ISWIM and the SECD machine.

The $\lambda\beta_v$-calculus is a paradigmatic language able to capture two features present in many real functional programming languages: call-by-value parameter passing and lazy evaluation. The parameters are passed in a call-by-value way, when they are evaluated before being passed, and a function is evaluated in a lazy way when its body is evaluated only when parameters are supplied.

In this paper we are dealing with the pure (i.e. without constants) version of the $\lambda\beta_v$-calculus. Plotkin has endowed this calculus with two rules, namely $\beta_v$ and $\eta_v$, which are obtained by restriction from respectively the $\beta$-rule and the $\eta$-rule of the classical (call-by-name) $\lambda$-calculus. This restriction is based on the notion of value. Values are either variables or abstractions.

Formally, the $\beta_v$-rule is: $(\lambda x.M)N \to M[N/x]$, if and only if $N$ is a value. Let $=_{\beta_v}$ be the congruence relation induced by the $\beta_v$-reduction. A term $M \in \Lambda$ is said valuable if and only if $M =_{\beta_v} P$, for some value $P$.
Plotkin has proved that the $\lambda\beta_v$-calculus enjoys some basic properties we expect from a calculus, namely the Church-Rosser and standardisation properties.

However in the standard $\lambda$-calculus there is another fundamental theorem: the Böhm Theorem [2].

The standard notion of separability is: “two terms $M, N$ are separable if and only if there exists a context $C[.]$ such that $C[M] =_\beta x$ and $C[N] =_\beta y$, where $x, y$ are different variables” (see [1,8]). The Böhm Theorem says that two different $\beta\eta$-normal forms are separable.

The importance of the Böhm Theorem has been pointed out by Wadsworth, who in [9] says: “The Church-Rosser Theorem shows that distinct normal forms cannot be proved equal by the conversion rules; the Böhm Theorem shows that if one were ever to postulate, as an extra axiom, the equality of two distinct normal forms, the resulting system would be inconsistent”.

In particular, the Böhm Theorem allows the coding of computable functions in the $\lambda$-calculus, since representing different natural numbers by different $\beta\eta$-normal forms assures that they are different in every consistent $\lambda$-theory.

It is natural to state that two terms $M, N$ are v-separable if and only if there exists a context $C[.]$ such that $C[M] =_{\beta_v} x$ and $C[N] =_{\beta_v} y$, where $x, y$ are different variables.

The naive adaptation of the Böhm Theorem to the call-by-value $\lambda$-calculus would be:

“two different $\beta_v\eta_v$-normal forms are v-separable”.

It is immediate to check that two syntactically different $\beta_v\eta_v$-normal forms are not always separable; for example consider the following terms: $\lambda x.xxx$ and $\lambda x.(\lambda z.xxx)(xx)$. Thus, $\beta_v\eta_v$-normal forms are not semantically meaningful.

Actually, there is a subtler problem with $\beta_v\eta_v$-normal forms. Let $I = \lambda x.x$, $\Delta = \lambda x.xx$ and $M = (\lambda x.\Delta)(xI)\Delta$. Clearly $M$ is a $\beta_v\eta_v$-normal form (since $xI$ is not a value), but you can check that $C[M] =_{\beta_v} x$ implies $C[N] =_{\beta_v} x$, for all $N \in \Lambda$. Terms as $M$ are discovered and studied in [5], [6]: a term is said potentially valuable if and only if there exists a substitution that makes it valuable. Clearly, $M$ is not potentially valuable.

Plotkin in [7] gives simulations of the call-by-value $\lambda$-calculus in the call-by-name one and vice versa, using continuation techniques. Thus he has implicitly shown that the computational power of the two calculi is the same.

In this paper, an explicit representation of Kleene's recursive functions is presented, based on a coding of natural numbers using $\beta\eta$-normal forms, as in the classical $\lambda$-calculus case, but using $\beta_v$-reduction as the computational rule. Let $m, n \in \mathbb{N}$ be different; if $\bar m$ and $\bar n$ are their $\lambda$-representations then $\bar m$ and $\bar n$ must be different in our theory. This is true in the call-by-value setting, since:

“two different $\beta\eta$-normal forms are $v$-separable”,

whose proof is the most important result of this paper. This separation result is based on the fact that every subterm of a $\beta\eta$-normal form is a potentially valuable term.

The main difficulty in carrying out the proof of the Böhm Theorem consists in handling open subterms that are neither values nor valuable (because they are in normal form). For instance, let $M \equiv x(xP_0)Q$ and $N \equiv x(xP_1)Q$ be $\beta\eta$-normal forms. A context $C[.]$ $v$-separating $M$ and $N$ needs to handle the subterms $xP_0$, $xP_1$ and $Q$ using $\beta_v$-reduction. Thus $C[.]$ needs to be able to transform $xP_0$, $xP_1$ and $Q$ into values by a “uniform substitution” preserving the structural difference. Our main goal is to show how such a substitution can be built.

In the algorithm, some $\beta$-reductions are performed in order to normalise terms after substitutions. Thus, an additional problem is to show that these $\beta$-reductions can be “reconciled”, in some sense, with $\beta_v$-reduction. In general, since $=_\beta \neq =_{\beta_v}$, separation results using $\beta$-reduction as computation rule do not imply $v$-separation results.

The semantic consequence of the separability result is that two different $\beta\eta$-normal forms cannot be equated in models of the call-by-value $\lambda$-calculus.

A theory of the call-by-value $\lambda$-calculus is a congruence relation containing the relation $=_{\beta_v}$.

Let $=_T$ be such a theory; if $M$ and $N$ are $v$-separable terms such that $M =_T N$, then $=_T$ is inconsistent, i.e. all terms are equal. In fact, if $C[.]$ is the context such that $C[M] =_{\beta_v} x$ and $C[N] =_{\beta_v} y$, then
$$P =_{\beta_v} (\lambda xy.C[M])PQ =_T (\lambda xy.C[N])PQ =_{\beta_v} Q,$$
for every $P, Q \in \Lambda$.

The paper is organised in the following way. In Section 2 basic definitions and notions are recalled. In Section 3 the notions of $v$-separability and similarity are introduced, together with the Separability Algorithm; furthermore, its termination and correctness are proved. In Section 4 a representation of Kleene's recursive functions for the call-by-value $\lambda$-calculus is presented and proved correct.



2 The $\lambda\beta$-calculus and the $\lambda\beta_v$-calculus

The pure language of the $\lambda$-calculus is defined as usual (see [1,8]).

Definition 1. Let $Var$ be a denumerable set of variables, ranged over by $x, y, z, \ldots$

Let $\Lambda$ be the set of $\lambda$-terms $M$ built by the following grammar:

$$M ::= x \mid MM \mid \lambda x.M$$

Let $M, N, P, Q, \ldots$ denote terms. A term of shape $(MN)$ is called an application, while a term of shape $(\lambda x.M)$ is called an abstraction.

Free and bound variables are defined as usual; $FV(M)$ denotes the set of free variables of a term $M$ and $\Lambda^0$ denotes the set of closed terms. Terms are considered modulo $\alpha$-conversion, that is up to renaming of bound variables. $M[N/x]$ denotes the substitution of $N$ for every free occurrence of $x$ in $M$, possibly renaming bound variables of $M$ in order to avoid a wrong binding of free variables of $N$. $\equiv$ denotes syntactical identity on terms, up to $\alpha$-conversion. $\lambda x_1\ldots x_n.M$ is an abbreviation for $\lambda x_1.(\lambda x_2.(\ldots(\lambda x_n.M)))$ and $M_1\ldots M_m$ is an abbreviation for $((\ldots((M_1M_2)M_3)\ldots)M_m)$. A context is a term containing some holes $[.]$.

Definition 2.

- The $\beta$-rule is: $(\lambda x.M)N \to M[N/x]$.

- The $\eta$-rule is: $\lambda x.Mx \to M$ if and only if $x \notin FV(M)$.

- The $\beta_v$-rule is: $(\lambda x.M)N \to M[N/x]$ if and only if $N \in Val$; where $Val = Var \cup \{\lambda x.M \mid x \in Var \text{ and } M \in \Lambda\}$ is the set of values.

- The $\eta_v$-rule is: $\lambda x.Mx \to M$ if and only if $x \notin FV(M)$ and $M \in Val$.

Let $o \in \{\beta, \eta, \beta_v, \eta_v, \beta\eta, \beta_v\eta_v\}$; then $\to_o$, $\to^*_o$ and $=_o$ denote respectively the contextual closure of the $o$-rule(s), the reflexive and transitive closure of $\to_o$, and the reflexive, symmetric and transitive closure of $\to_o$.

A term $M$ is in $o$-normal form (written $M \in o$-nf) if and only if there are no occurrences of $o$-redexes in $M$, i.e. there are no subterms that can be $o$-reduced.

It is well known that $\beta$-normal forms have the shape $\lambda x_1\ldots x_n.xM_1\ldots M_m$, where $n, m \ge 0$ and all $M_i$ are $\beta$-normal forms. The shape of a $\beta_v$-normal form is $\lambda x_1\ldots x_n.\xi M_1\ldots M_m$, where $n, m \ge 0$, all $M_i$ are $\beta_v$-normal forms and either $\xi \in Var$ or $\xi \equiv (\lambda x.P)Q$ with $P, Q \in \beta_v$-nf and $Q \notin Val$.

Definition 3.

- $M \in \Lambda$ is valuable if and only if $M \to^*_{\beta_v} N \in Val$, for some $N \in \Lambda$.

- A term $M$ is potentially valuable if and only if there is a substitution $s$ of values for free variables such that $s(M)$ is valuable.

The set of potentially valuable terms, noted $V_v$, has been completely characterised in [5,6].

Let $I \equiv \lambda x.x$ and $\Delta \equiv \lambda x.xx$. Note that $x(I\Delta)$ and $(\lambda y.\Delta)(xI)\Delta$ are two non-valuable $\beta_v$-normal forms; moreover, only the first term is potentially valuable.

Let $M \equiv zM_0M_1$, $M_1 \in Val \cap \Lambda^0$ and $z \notin FV(M_0)$. It is possible to build a context $C[.]$ such that $C[M] \to^*_{\beta_v} M_1$ only under the necessary and sufficient condition that $M_0$ is a potentially valuable term. Thus a term is potentially valuable if and only if it can be erased, or simply handled, by $\beta_v$-reduction after some substitution.

It is easy to check that every $\beta$-normal form $M$ is a potentially valuable term; furthermore, every subterm of $M$ is recursively a $\beta$-normal form too, and so a potentially valuable term.
Definition 4. Let $M \in \beta$-nf; $step[M]$ is the natural number given by:

- $step[xM_1\ldots M_m] = 1 + step[M_1] + \ldots + step[M_m]$

- $step[\lambda y.N] = 1$

$step$ is a structural measure on terms, counting recursively the number of arguments of head variables not under a $\lambda$-abstraction. See [5,6] for more details. Clearly, $\forall M \in \beta$-nf $\exists n \in \mathbb{N}$ such that $step[M] = n$.

Lemma 1. Let $M \in \beta$-nf, $FV(M) \subseteq \{x_1, \ldots, x_n\}$ and $r \ge step[M]$. If $Q'_j \equiv \lambda x_1\ldots x_{r-1}.Q_j$ and $Q_j \in Val$ ($1 \le j \le n$) then $M[Q'_1/x_1, \ldots, Q'_n/x_n] \to^*_{\beta_v} \tilde M$ for some $\tilde M \in Val$.

Proof. By induction on $step$. Let $step[M] = 1$, thus $M \equiv \lambda y.N$ or $M \equiv x$.

If $step[M] > 1$ then $M \equiv xM_1\ldots M_m$, so there exists $k \le n$ such that $M' \equiv M[Q'_1/x_1, \ldots, Q'_n/x_n] \equiv Q'_kM'_1\ldots M'_m$, where $M'_i \equiv M_i[Q'_1/x_1, \ldots, Q'_n/x_n]$ ($1 \le i \le m$).

$step[M] = 1 + \sum_i step[M_i]$ and $step[M_i] \ge 1$ ($1 \le i \le m$) imply $r \ge step[M] > m$; moreover, by induction $M'_i \to^*_{\beta_v} \tilde M_i \in Val$ ($1 \le i \le m$). Thus $M' \to^*_{\beta_v} \lambda x_{m+1}\ldots x_{r-1}.Q_k \in Val$. □

In order to extend this property to every subterm $N$ of a $\beta$-normal form $M$, let $Vis$ be a structural measure on a $\beta$-normal form, counting recursively the number of arguments of head variables.

Definition 5. Let $M \in \beta$-nf; $Vis[M]$ is the natural number given by:

- $Vis[xM_1\ldots M_m] = 1 + Vis[M_1] + \ldots + Vis[M_m]$

- $Vis[\lambda y.N] = 1 + Vis[N]$

It is easily seen that $\forall M \in \beta$-nf $\exists n \in \mathbb{N}$ such that $Vis[M] = n$.

Lemma 2. If $N$ is a subterm of $M \in \beta$-nf then $N \in \beta$-nf and $step[N] \le Vis[M]$.

Proof. Trivial. □

Let $\to_s$ denote the strategy that reduces, at every step, the leftmost $\beta_v$-redex not under the scope of a $\lambda$-abstraction. This strategy is normalising, i.e. if a term $M$ is valuable then $\exists M' \in Val$ such that $M \to^*_s M'$. The operational evaluation of call-by-value, shown in [7] by Plotkin, can be obtained by this reduction. Thus, in Section 4 we use the $s$-reduction.

3 $v$-Separability

Let us recall the formal definition of $v$-separability.

Definition 6. Two terms $M, N \in \Lambda$ are $v$-separable if and only if $\exists C[.]$ such that $C[M] =_{\beta_v} x$ and $C[N] =_{\beta_v} y$, where $x, y$ are different variables.



Call-by-Value Separability and Computability    79



In order to design the $v$-separability algorithm, we introduce the notion of similarity between $\beta$-normal forms.

Definition 7. Let $M, N \in \beta$-nf, $M \equiv \lambda x_1\ldots x_p.xM_1\ldots M_n$, $N \equiv \lambda x_1\ldots x_p.yN_1\ldots N_n$ with $p, n \ge 0$. We say that they are similar, written $M \sim N$, if and only if $x \equiv y$ and $\forall i.\ M_i \sim N_i$.

The relation $\sim$ is introduced in order to make explicit the structure of terms that is interesting for the separability goal (see [3]).

Let $M, N \in \beta$-nf; it is easy to check that $M =_\beta N$ if and only if $M \sim N$.

Definition 8. Let $\sigma$ be a sequence of natural numbers ($\varepsilon$ is the empty sequence) and $M, N \in \beta$-nf.

$M \not\sim_\sigma N$ if and only if one of the following cases arises:

1. if $x \not\equiv y$ then $M =_\beta \lambda x_1\ldots x_p.xM_1\ldots M_m \not\sim_\sigma \lambda x_1\ldots x_q.yN_1\ldots N_n =_\beta N$ and $\sigma = \varepsilon$;

2. if $|p - m| \neq |q - n|$ then $M =_\beta \lambda x_1\ldots x_p.xM_1\ldots M_m \not\sim_\sigma \lambda x_1\ldots x_q.xN_1\ldots N_n =_\beta N$ and $\sigma = \varepsilon$;

3. if $M_i \not\sim_{\sigma'} N_i$ then $M =_\beta \lambda x_1\ldots x_p.xM_1\ldots M_n \not\sim_\sigma \lambda x_1\ldots x_p.xN_1\ldots N_n =_\beta N$ and $\sigma = i, \sigma'$.

The $\not\sim$ relation is formalised by the following lemma.

Lemma 3. Let $M, N \in \beta$-nf. $M \not\sim N$ if and only if $M \not\sim_\sigma N$, for some sequence $\sigma$.

Proof. Trivial. □

We will prove that two non-similar $\beta$-normal forms $M, N$ are $v$-separable. More precisely, let $FV(M) \cup FV(N) \subseteq \{z_1, \ldots, z_h\}$, $\hat M \equiv \lambda z_1\ldots z_h.M$ and $\hat N \equiv \lambda z_1\ldots z_h.N$; we will design an algorithm which builds a context $C[.]$ on $M, N$ such that:

- if $M, N$ are closed then $C[M] =_{\beta_v} x$ and $C[N] =_{\beta_v} y$, where $x \not\equiv y$.

It is easily seen that $\hat M \not\sim \hat N$ and $C[\lambda z_1\ldots z_h.[.]]$ is $v$-separating $M, N$.

If $M, N \in \beta\eta$-nf and $M \neq_\beta N$ then $M \not\equiv N$ and $M \not\sim N$; thus it will be clear that two different $\beta\eta$-normal forms are $v$-separable.

For the sake of simplicity, in the algorithm description we assume that all bound variables are denoted by a variable symbol different from every other (free or bound) variable symbol in the same term.

Definition 9 (Separability Algorithm).

Let $M, N \in \beta$-nf, $M \not\sim N$, $x \not\equiv y$ and $r = \max\{Vis[M], Vis[N]\}$.

The separability algorithm is a set of logical rules for proving statements of shape $M, N \Rightarrow C[.]$, where $C[.]$ is a context.

Let $I \equiv \lambda x.x$, $O^n \equiv \lambda x_1\ldots x_n.I$, $U^n_i \equiv \lambda x_1\ldots x_n.x_i$ and $\pi^n \equiv \lambda x_1\ldots x_nz.zx_1\ldots x_n$.

Furthermore, if $S \subseteq Var$ then
$$X^n_{i,S} \equiv \begin{cases} \lambda z_1\ldots z_{n-1}.x_iz_1\ldots z_{n-1} & \text{if } x_i \notin S \\ x_i & \text{otherwise.} \end{cases}$$



V*- e /3-n/ 

V*- ,}/*!, m e P-nf 

p < q xM,. . . -Nn ^ C[.] 

XXi- . .Xp.xM\. . -Mm, Xx\. . .Xq.yN\. . .N^ => C’[[-]^a;i,{a;,y}---^a:,,{x,y}] 



( 1 ) 



V*- G P-nf 

V*. ,}/*!, N^ G /3-n/ 



p > q xM,. . .M^,yN,. . 



C[.] 



Xx\. . .Xp.xMi. . -Mm, XXi- . .Xq.yNi. . .Nn => C'[[-]-^a;i,{£c,i/}---^ 2 ;p,{a:,i/}] 



( 2 ) 



$$\frac{x \not\equiv y \qquad s = \max\{r, m, n\}}{xM_1\ldots M_m,\ yN_1\ldots N_n \Rightarrow (\lambda xy.[.])(\lambda x_1\ldots x_{s+m}.x)(\lambda x_1\ldots x_{s+n}.y)\underbrace{I\ldots I}_{s}} \qquad (3)$$



$$\frac{m > n \qquad s = \max\{r, m, n\}}{xM_1\ldots M_m,\ xN_1\ldots N_n \Rightarrow (\lambda x.[.])O^{s+n}\underbrace{I\ldots I}_{s+n-m}(\lambda x_1\ldots x_{m-n}.x)\underbrace{y\ldots y}_{m-n}} \qquad (4)$$



$$\frac{m < n \qquad s = \max\{r, m, n\}}{xM_1\ldots M_m,\ xN_1\ldots N_n \Rightarrow (\lambda x.[.])O^{s+m}\underbrace{I\ldots I}_{s+m-n}(\lambda x_1\ldots x_{n-m}.y)\underbrace{x\ldots x}_{n-m}} \qquad (5)$$



$$\frac{M_k \not\sim N_k \qquad s = \max\{r, m, n\} \qquad x \notin FV(M_k) \cup FV(N_k) \qquad M_k, N_k \Rightarrow C[.]}{xM_1\ldots M_m,\ xN_1\ldots N_m \Rightarrow C[(\lambda x.[.])U^s_k\underbrace{I\ldots I}_{s-m}]} \qquad (6)$$






$$\frac{M_k \not\sim N_k \qquad s = \max\{r, m, n\} \qquad x \in FV(M_k) \cup FV(N_k) \qquad C'[.] \equiv (\lambda x.[.])\pi^s \qquad C'[M_k] \to^*_\beta M'_k \in \beta\text{-nf} \qquad C'[N_k] \to^*_\beta N'_k \in \beta\text{-nf} \qquad M'_k, N'_k \Rightarrow C[.]}{xM_1\ldots M_m,\ xN_1\ldots N_m \Rightarrow C[(\lambda x.[.])\pi^s\underbrace{I\ldots I}_{s-m}U^s_k]} \qquad (7)$$



In order to prove both correctness and termination of the algorithm, we need some preliminary lemmas.

Lemma 4. Let $M, N \in \beta$-nf, $r \ge \max\{Vis[M], Vis[N]\}$ and $C'[.] \equiv (\lambda x.[.])\pi^r$.

1. $\exists \tilde M \in \beta$-nf such that $C'[M] \to^*_\beta \tilde M$ and $Vis[\tilde M] \le Vis[M]$.

2. If $P \equiv xP_1\ldots P_p$ is a subterm of $\tilde M$ then $step[P_j] \le r$ ($1 \le j \le p$).

3. If $M \not\sim_\sigma N$ and $C'[N] \to^*_\beta \tilde N \in \beta$-nf then $\tilde M \not\sim \tilde N$.

Proof. 1, 2. By induction on $M$. 3. By induction on $\sigma$. □

Lemma 5. Let $M, N \in \beta$-nf, $r \ge \max\{Vis[M], Vis[N]\}$ and $C''[.] \equiv [.]X^r_{x_1,\{x,y\}}\ldots X^r_{x_p,\{x,y\}}$.

1. $\exists \tilde M \in \beta$-nf such that $C''[M] \to^*_\beta \tilde M$ and $Vis[\tilde M] \le Vis[M]$.

2. If $P \equiv xP_1\ldots P_p$ is a subterm of $\tilde M$ then $step[P_j] \le r$ ($1 \le j \le p$).

3. If $M \not\sim_\sigma N$ and $C''[N] \to^*_\beta \tilde N \in \beta$-nf then $\tilde M \not\sim \tilde N$.

Proof. 1, 2. By induction on $M$. 3. By induction on $\sigma$. □

Be careful to understand the statement of Lemmas 4 and 5: for some subterm $M'$ of $\tilde M$, $step[M'] \le r$ but it is possible that $Vis[\tilde M] > r$.

Lemma 6 (Termination).

If $M, N \in \beta$-nf and $M \not\sim N$ then $M, N \Rightarrow C[.]$.

Proof. $M \not\sim N$ implies $M \not\sim_\sigma N$, for some sequence of numbers $\sigma$. By induction on $\sigma$. Observe that the rules (3), (4), (5) are axioms and the rules (6), (7) follow by induction. Rules (1) and (2) must be followed by one of the rules (3), (4), (5), (6) and (7). □

Thus $M, N \in \beta$-nf and $M \not\sim N$ implies that there is a finite derivation such that $M, N \Rightarrow C[.]$.

Theorem 1 (Correctness). Let $M, N \in \beta$-nf, $M \not\sim N$ and $FV(M) \cup FV(N) \subseteq \{z_1, \ldots, z_h\}$.

Let $\hat M \equiv \lambda z_1\ldots z_h.M$ and $\hat N \equiv \lambda z_1\ldots z_h.N$.

If $M, N \Rightarrow C[.]$ then $C^*[.] \equiv C[\lambda z_1\ldots z_h.[.]]$ is a context $v$-separating $M$ and $N$, namely $C^*[M] =_{\beta_v} x$ and $C^*[N] =_{\beta_v} y$, where $x \not\equiv y$.

Proof. By the next proposition. □



The use of $\beta$-reduction in rules (1), (2) and (7) of our algorithm causes some technical difficulty in the development of the correctness proof, since $\beta_v$-reduction cannot, in general, execute the same redexes. In order to fill this gap, we will prove something stronger than the statement of the Correctness Theorem, namely Proposition 1.

Some observations are needed before building the statement of Proposition 1.
Let P G /3-nf and S', i? C Var. If xi G SHE then = xi and 

Otherwise P[XI^^sI^A\K^,rI^i] = ■ -Zr-Xi 

Zi. . .Zr/Xi]. 

Thus P[X:^,sI^A[K,.rI^A = P[K,.rI^i][K,,sI^A = P[K,.Rnsl^iV 
Furthermore, P[Xl.^^g/ xi][k^ / xi] = P[t:^ / xi][Xl^ g/xi] = P[7r''/a;i]. 

Proposition 1. Let $P, Q \in \beta$-nf such that $P \not\sim Q$.

Let $p \ge \max\{Vis[P], Vis[Q]\}$ and $FV(P) \cup FV(Q) \subseteq \{u_1, \ldots, u_T\}$.

Let, for all $i$, $U_i$ be values of shape $\pi^r$ or $X^r_{i,S_i}$ ($S_i \subseteq Var$ and $r \ge p$), such that $U_i$ has shape $X^r_{i,S_i} \equiv z_i$ (in case $z_i \in S_i$) if and only if $M \equiv z_iM_1\ldots M_m$ or $N \equiv z_iN_1\ldots N_n$.

Let $P' \equiv (\lambda u_1\ldots u_t.P)U_1\ldots U_T =_\beta M \in \beta$-nf, $Q' \equiv (\lambda u_1\ldots u_t.Q)U_1\ldots U_T =_\beta N \in \beta$-nf and $t \le T$.

If $M, N \Rightarrow C^*[.]$ then $C^*[P'] =_{\beta_v} x$ and $C^*[Q'] =_{\beta_v} y$, where $x \not\equiv y$.



Proof. By induction on the derivation proving $M, N \Rightarrow C^*[.]$.

Note that $M \not\sim N$, $Vis[P] \le Vis[M]$, $Vis[Q] \le Vis[N]$ and for some subterm $R$ of $M$ or $N$, $step[R] \le p$, by Lemmas 4 and 5.

Let $M \equiv \lambda x_1\ldots x_p.xM_1\ldots M_m$ and $N \equiv \lambda y_1\ldots y_q.yN_1\ldots N_n$.


(I) 






c*[.] ^ 



,{x,y}^ C[.] and 



Let P" = P'X^ . ,...X 

xi,{x,y} r 



P" G /3-nf. 

By induction x C[P"], but 



C[P"] ^ ^ C*[P'] 



C*[Q'\ =/ 3 „ y is similar. 

(2) Similar to case (1).

(3) In such a case $x \not\equiv y$ and $p = q = 0$. Let $P \equiv \lambda w_1\ldots w_{n_P}.wP_1\ldots P_{m_P} \in \beta$-nf ($m_P \le m$) and $P' \equiv (\lambda u_1\ldots u_t.P)U_1\ldots U_T \to^*_\beta xM_1\ldots M_m \equiv M$. Note that $m = m_P + T - (t + n_P)$.

Since $\forall i.\ U_i \in Val$, then $P' \to^*_{\beta_v} (\lambda w_1\ldots w_{n_P}.wP'_1\ldots P'_{m_P})U_{t+1}\ldots U_T$ where $P'_i \equiv P_i[U_1/u_1 \ldots U_t/u_t]$ ($1 \le i \le m_P$).

Moreover $P' \to^*_{\beta_v} xP''_1\ldots P''_{m_P}U_{t+n_P+1}\ldots U_T \equiv P''$ where $P''_i \equiv P'_i[U_{t+1}/w_1 \ldots U_{t+n_P}/w_{n_P}] =_\beta M_i$ ($1 \le i \le m_P$) and $U_j \equiv M_j$ ($t + n_P + 1 \le j \le T$).



C*[P'] C*[P”] 

= {Xxy.x P" . . .P^^ 



Ut-\-7ip + l • ■ • Ux ) ( Axi . . .X s-\-m-^') ■ ■ -^s+n - ij) 

m 



I. ..I 



s 



i^Xi- . -Xs+m-X) Pi ■ ■ -Ppp^ U^j^p^ ,i...Ux P 



where 



pm ^ P^’[[Xxi...Xs+m-X)/x\[{Xxi...Xs+n-y)/y\\ 
U'j = Uj[{Xxi... 

^s+m ■ x)/x\[{XXi. . .Xs+n-y)/y\- 



Since FV{Pi) C {ui,...,ut\ 

P”[{Xxi. 

■ -^r+m ■ x)/x\[{Xxi. . .Xr+n-y)/y\ ~^*f}p Pi e Val 
by Lemma 1, so the proof is immediate. 



In the same manner C*[Q'] =/ 3 ^ y. 



(4) In such a case $m > n$, $p = q = 0$ and $s = \max\{r, m, n\}$. Let $P \equiv \lambda w_1\ldots w_{n_P}.wP_1\ldots P_{m_P} \in \beta$-nf ($m_P \le m$) and $P' \equiv (\lambda u_1\ldots u_t.P)U_1\ldots U_T \to^*_\beta xM_1\ldots M_m \equiv M$. Note that $m = m_P + T - (t + n_P)$.

Since $\forall i.\ U_i \in Val$, then $P' =_{\beta_v} xP''_1\ldots P''_{m_P}U_{t+n_P+1}\ldots U_T \equiv P''$ where $P''_i \equiv P_i[U_1/u_1 \ldots U_t/u_t][U_{t+1}/w_1 \ldots U_{t+n_P}/w_{n_P}] =_\beta M_i$ ($1 \le i \le m_P$) and $U_j \equiv M_j$ ($t + n_P + 1 \le j \le T$).

C*[P'] =f3p C*[P"] 

= {Xx.xP”. . .P"^Pi+„^ + i...PT)0*+" PM {Xxi. . .Xra-n-S:)^-£ 

s+n-m 

=fjp P[U . -P:^UUnp + i-UT Pj^ . . .Xm-^.i) y^ = A 



where P/" = L’"[0®+”/a;] and Pj = Pj[0"+"/a;]. Since FV{Pi) C {ui, 
by Lemma 1 P”' =/ 3 „ A G Val. Thus A 0°{Xxi.. .Xm-n-x) y^^^=pp x. 

m—n 

On the other hand, 

<^*[<3'] =/ 3 , L^{Xxi. . .Xm-n-x)y y =/?„ y 

s+n-m 



for some valuable terms N{ and s + n+ l = n+(s + n — m) + 1 + (m — n) 
is the number of terms postponed to O®’*'" . 
(5) Similar to the previous case.

(6) In such a case $M_k, N_k \in \beta$-nf, $M_k, N_k \Rightarrow C[.]$ and $C^*[.] \equiv C[(\lambda x.[.])U^s_k\underbrace{I\ldots I}_{s-m}]$.

Let $P \equiv \lambda w_1\ldots w_{n_P}.wP_1\ldots P_{m_P} \in \beta$-nf ($m_P \le m$) and $P' \equiv (\lambda u_1\ldots u_t.P)U_1\ldots U_T \to^*_\beta xM_1\ldots M_m \equiv M$. Note that $m = m_P + T - (t + n_P)$.

Since $\forall i.\ U_i \in Val$, then $P' \to^*_{\beta_v} (\lambda w_1\ldots w_{n_P}.wP'_1\ldots P'_{m_P})U_{t+1}\ldots U_T$ where $P'_i \equiv P_i[U_1/u_1 \ldots U_t/u_t]$.

Moreover, $P' \to^*_{\beta_v} xP''_1\ldots P''_m \equiv P''$ where $P''_i \equiv P'_i[U_{t+1}/w_1 \ldots U_{t+n_P}/w_{n_P}] =_\beta M_i$ ($1 \le i \le m_P$) and $P''_j \equiv U_j \equiv M_j$ ($t + n_P + 1 \le j \le T$).

Pk = 0 „{Xui. . .UtWi. . .Wn^.Pk) Ui . . .Ut = 0 ^{Xxui. . .UtWi. . .Wn^.Pk) 

U^Ui...Ut =0 Mk since x ^ FV(Mfc), so by induction hypothesis C[P^'] =/?„ 

X. 



C*[P'\ =/3„ C[(Aa;.((Aui. . .u*.P)C/i...C/T))?7fc* /^] 

S—m 

= 0 ^ C[{Xx.xP^. . 

S—m 

= 0 ^ C[{Xxi.. .Xs.Xk)P^'. . 

S—m 

=/3. C*[Pn = 0 ^ C[P"] 

where P”' = P” [U^/x] Pi G Val by Lemma 1 , since FV (Pi ) C {ui , . . . , Ut } . 
Case C*[Q'] is very similar to the previous. 

(7) $C^*[.] \equiv C[(\lambda x.[.])\pi^s\underbrace{I\ldots I}_{s-m}U^s_k]$, $M_k \not\sim N_k$, $x \in FV(M_k)$, $C'[.] \equiv (\lambda x.[.])\pi^s$ and $M'_k, N'_k \Rightarrow C[.]$.

Let $P \equiv \lambda w_1\ldots w_{n_P}.wP_1\ldots P_{m_P} \in \beta$-nf ($m_P \le m$) and $P' \equiv (\lambda u_1\ldots u_t.P)U_1\ldots U_T \to^*_\beta xM_1\ldots M_m \equiv M$. Note that $m = m_P + T - (t + n_P)$.

$P' =_{\beta_v} xP''_1\ldots P''_m \equiv P''$ where $P''_i \equiv P_i[U_1/u_1 \ldots U_t/u_t][U_{t+1}/w_1 \ldots U_{t+n_P}/w_{n_P}] =_\beta M_i$ ($1 \le i \le m_P$) and $P''_j \equiv U_j \equiv M_j$ ($t + n_P + 1 \le j \le T$).

Let P'f!' = {Xxui. . .UtWi. . .Wnp.Pk)'!T^Ui...UT =0 Mk, so by induction hy- 
pothesis C[P^"] =/ 3 „ 2). 

C*[P'] = C[{Xx.{{Xui.. .ut.P)Ui...UT))n^ F^U^] 

S—m 

= 0 ^ C[{Xx.xPiX . .P")7T«^P*] 

s—m 

= 0 ^ C[(Axi. . .XsZ.ZXi. . .Xs)P”'. . .PmP^U^] 

S—m _ 

=0. CiUlPiU . .P"'^] C[Pn =0. C[Pl!'] = 0 ^ X 

S—m 

where P”' = P''[tt^ / x] Pi G Val by Lemma 1, since FV{Pi) C {u \, . . . , Ut\. 
Case C*[Q'] = 0 ^ y is similar. □ 
4 Computability

In order to show a representation of recursive functions, we need a numeral system; we will use the Barendregt system ([1]). Naively, $T \equiv \lambda xy.x$ denotes True and $F \equiv \lambda xy.y$ denotes False.

The pair of terms $M$ and $N$ is represented by $[M, N] \equiv \lambda z.zMN$.



Definition 10 (Barendregt Numeral System).

- zero $\bar 0 \equiv \lambda x.x$

- successor $s \equiv \lambda x.[F, x] \equiv \lambda xz.zFx$

- predecessor $p \equiv \lambda x.xF$

- test for zero $\delta \equiv \lambda x.xT$



Conventionally, an overlined mathematical entity denotes the corresponding $\lambda$-term; for instance, $\bar 1$ denotes $\lambda z.zF(\lambda x.x)$.

The Separability Theorem guarantees that different natural numbers are denoted by different $\lambda$-terms. Further, we use the $s$-reduction defined in Section 2 in order to check that the representation can be used for computational goals, using the operational machine presented by Plotkin in [7].

Definition 11. A partial function $f : \mathbb{N}^n \to \mathbb{N}$ is $v$-definable if and only if there is a term $\bar f$ such that:

$$\bar f\,\bar x_1\ldots\bar x_n \to^*_s \overline{f(x_1, \ldots, x_n)}$$

for all $n$-tuples of numerals $\bar x_1, \ldots, \bar x_n$ for which the function is defined; otherwise $\bar f\,\bar x_1\ldots\bar x_n$ must be not valuable.

Our goal is to show that every recursive function is $v$-definable.



Let $\Xi$ be the following recursion operator: $(\lambda xf.f(\lambda z.xxfz))(\lambda xf.f(\lambda z.xxfz))$; note that this term is different from the original operator introduced by Plotkin in [7].

Theorem 2 (Recursion). If $M \in Val$ then $\Xi M \to^*_{\beta_v} M(\lambda z.\Xi Mz)$, where $z \notin FV(M)$.

Proof. Let $A \equiv (\lambda xf.f(\lambda z.xxfz))$. Clearly

$$\Xi M \equiv (AA)M \to^*_{\beta_v} M(\lambda z.AAMz) \equiv M(\lambda z.\Xi Mz).$$

□

Note that $\Xi$ is not a fixed point operator; in fact $\Xi M \to^*_{\beta_v} M(\lambda z.\Xi Mz)$, where $z \notin FV(M)$.

If $\Theta$ is a fixed point operator then $\Theta M \to^* M(\Theta M)$; but $\Theta M$ is neither a value nor valuable, thus it cannot be used in a $\beta_v$-reduction in order to obtain the recursion.



We start with primitive recursive functions, which are all total functions.

Lemma 7.

Zero is $v$-definable: $\bar z \equiv \lambda x.\bar 0$.

Successor is $v$-definable: $\bar s \equiv \lambda x.[F, x] \equiv \lambda xz.zFx$.

Projections are $v$-definable: $\bar{\Pi}^n_i \equiv \lambda x_1\ldots x_n.x_i$.

Proof. Trivial. □



Lemma 8.

Let $h : \mathbb{N}^n \to \mathbb{N}$ be a $v$-definable primitive recursive function and let $g_1, \ldots, g_n : \mathbb{N}^m \to \mathbb{N}$ be $v$-definable primitive recursive functions. The following function $f$ is $v$-definable:

$$f(x_1, \ldots, x_m) = h(g_1(x_1, \ldots, x_m), \ldots, g_n(x_1, \ldots, x_m)).$$

Proof. By hypothesis there exist the terms $\bar h$ and $\bar g_1, \ldots, \bar g_n$.

Let $\bar f \equiv \lambda x_1\ldots x_m.\bar h(\bar g_1x_1\ldots x_m)\ldots(\bar g_nx_1\ldots x_m)$. Thus, for all $\bar n_1, \ldots, \bar n_m$:

$$\bar f\,\bar n_1\ldots\bar n_m \to^*_s \overline{h(g_1(n_1, \ldots, n_m), \ldots, g_n(n_1, \ldots, n_m))}.$$

□



Lemma 9. Let $h : \mathbb{N}^{m+2} \to \mathbb{N}$ be a $v$-definable primitive recursive function and let $g : \mathbb{N}^m \to \mathbb{N}$ be a $v$-definable primitive recursive function. The following function $f$ is $v$-definable:

$$f(k, x_1, \ldots, x_m) = \begin{cases} g(x_1, \ldots, x_m) & \text{if } k = 0 \\ h(f(k-1, x_1, \ldots, x_m), k-1, x_1, \ldots, x_m) & \text{otherwise.} \end{cases}$$

Proof. By induction on $k$. There exist terms $\bar h$ and $\bar g$, by hypothesis.

Let $M \equiv \lambda tzx_1\ldots x_m.((\delta z)(\lambda y.\bar gx_1\ldots x_m)(\lambda y.\bar h(t(py)x_1\ldots x_m)(py)x_1\ldots x_m))z$.

$k = 0$.

$$\Xi M\bar 0\bar n_1\ldots\bar n_m \to^*_s M(\lambda z.\Xi Mz)\bar 0\bar n_1\ldots\bar n_m \to^*_s (\delta\bar 0)(\lambda y.\bar g\bar n_1\ldots\bar n_m)(\lambda y.\bar h((\lambda z.\Xi Mz)(py)\bar n_1\ldots\bar n_m)(py)\bar n_1\ldots\bar n_m)\bar 0$$
$$\to^*_s T(\lambda y.\bar g\bar n_1\ldots\bar n_m)(\lambda y.\bar h((\lambda z.\Xi Mz)(py)\bar n_1\ldots\bar n_m)(py)\bar n_1\ldots\bar n_m)\bar 0 \to^*_s (\lambda y.\bar g\bar n_1\ldots\bar n_m)\bar 0 \to_s \bar g\bar n_1\ldots\bar n_m \to^*_s \overline{f(0, n_1, \ldots, n_m)}.$$

$k > 0$.

$$\Xi M\bar k\bar n_1\ldots\bar n_m \to^*_s M(\lambda z.\Xi Mz)\bar k\bar n_1\ldots\bar n_m \to^*_s (\delta\bar k)(\lambda y.\bar g\bar n_1\ldots\bar n_m)(\lambda y.\bar h((\lambda z.\Xi Mz)(py)\bar n_1\ldots\bar n_m)(py)\bar n_1\ldots\bar n_m)\bar k$$
$$\to^*_s F(\lambda y.\bar g\bar n_1\ldots\bar n_m)(\lambda y.\bar h((\lambda z.\Xi Mz)(py)\bar n_1\ldots\bar n_m)(py)\bar n_1\ldots\bar n_m)\bar k \to^*_s \bar h((\lambda z.\Xi Mz)(p\bar k)\bar n_1\ldots\bar n_m)(p\bar k)\bar n_1\ldots\bar n_m$$
$$\to^*_s \bar h(\Xi M(p\bar k)\bar n_1\ldots\bar n_m)(p\bar k)\bar n_1\ldots\bar n_m \to^*_s \bar h\,\overline{f(k-1, n_1, \ldots, n_m)}\;\overline{k-1}\;\bar n_1\ldots\bar n_m \to^*_s \overline{h(f(k-1, n_1, \ldots, n_m), k-1, n_1, \ldots, n_m)}$$

since by induction $\Xi M(p\bar k)\bar n_1\ldots\bar n_m \to^*_s \overline{f(k-1, n_1, \ldots, n_m)}$. □



Now we prove that every recursive function is $v$-definable. As usual $f(x)\uparrow$ and $f(x) = \bot$ mean that $f$ is undefined in $x$, while $f(x)\downarrow$ and $f(x) \neq \bot$ mean that $f$ is defined in $x$. If $f$ is an $m$-ary recursive function, we must check that $\bar f\,\bar x_1\ldots\bar x_m \to^*_s \overline{f(x_1, \ldots, x_m)} \in Val$ if and only if $f(x_1, \ldots, x_m)$ is defined. Actually, $\bar f\,\bar x_1\ldots\bar x_m$ is a $v$-unsolvable term (see [5,6]) if and only if $f(x_1, \ldots, x_m)$ is not defined.



Lemma 10. Let $h : \mathbb{N}^n \to \mathbb{N}$ be a $v$-definable recursive function and let $g_1, \ldots, g_n : \mathbb{N}^m \to \mathbb{N}$ be $v$-definable recursive functions. The following function is $v$-definable:

$$f(x_1, \ldots, x_m) = h(g_1(x_1, \ldots, x_m), \ldots, g_n(x_1, \ldots, x_m)).$$

Proof. $f$ is undefined if and only if one of the functions $h, g_1, \ldots, g_n$ is undefined on its arguments; thus the proof follows from the hypothesis that $h, g_1, \ldots, g_n$ are $v$-definable recursive functions. □



Lemma 11. Let $h : \mathbb{N}^{m+2} \to \mathbb{N}$ and $g : \mathbb{N}^m \to \mathbb{N}$ be $v$-definable recursive functions.

The following function $f$ is $v$-definable:

$$f(k, x_1, \ldots, x_m) = \begin{cases} g(x_1, \ldots, x_m) & \text{if } k = 0 \\ h(f(k-1, x_1, \ldots, x_m), k-1, x_1, \ldots, x_m) & \text{otherwise.} \end{cases}$$

Proof. $f(k, x_1, \ldots, x_m)\downarrow$ if and only if $\bar f\,\bar k\bar x_1\ldots\bar x_m \to^*_s P \in Val$. In fact $f(k, x_1, \ldots, x_m)\uparrow$ if and only if, in the computation, $\bar g$ or $\bar h$ are not valuable on some argument. □



Finally, we check the $v$-definability of the minimalisation function.

Let $h$ be a binary recursive and total function and let $x \in \mathbb{N}$. The minimalisation function $f : \mathbb{N} \to \mathbb{N}$ associated to $h : \mathbb{N}^2 \to \mathbb{N}$ is defined as

$$f(x) = \mu y[h(x, y)] = \begin{cases} \min\{k \in \mathbb{N} \mid h(x, k) = 0\} & \text{if such a } k \in \mathbb{N} \text{ exists} \\ \bot & \text{otherwise.} \end{cases}$$

Let $h$ be a total recursive function $v$-defined by $\bar h$, $M \equiv \lambda thxy.((\delta(hxy))I(\lambda y.thx(sy)))y$ and $n \in \mathbb{N}$. We want to check that:

1. If $f(n)\downarrow$ then $(\Xi M)\bar h\bar n\bar 0 \to^*_s \overline{f(n)}$.

2. If $f(n)\uparrow$ then $(\Xi M)\bar h\bar n\bar 0 \to^*_s P\bar k$, for all numerals $\bar k$, for some $P \in \Lambda$.

Lemma 12.

1. If $h(n, k) = 0$ then $(\Xi M)\bar h\bar n\bar k \to^*_s \bar k$.

2. If $h(n, k) \neq 0$ then $(\Xi M)\bar h\bar n\bar k \to^*_s (\Xi M)\bar h\bar n(s\bar k)$.

Proof. By induction on $k$. □

Lemma 13. Let $h : \mathbb{N}^2 \to \mathbb{N}$ be a $v$-definable total recursive function. If $f(x) = \mu y[h(x, y) = 0]$ is defined for $x = n$ then $(\Xi M)\bar h\bar n\bar 0 \to^*_s \overline{f(x)}$, where

$$M \equiv \lambda thxy.((\delta(hxy))I(\lambda y.thx(sy)))y.$$

Proof. Let $f(n) = k$, thus $k$ is the minimum number such that $h(n, k) = 0$. By Lemma 12.2 we have

$$(\Xi M)\bar h\bar n\bar 0 \to^*_s (\Xi M)\bar h\bar n\bar k$$

and by Lemma 12.1 we conclude. □

Lemma 14. Let $h : \mathbb{N}^2 \to \mathbb{N}$ be a $v$-definable total recursive function. If, for $x = n$, $h(x, y)$ is always different from zero (so that $f(x) = \mu y[h(x, y) = 0]$ is undefined) then $\forall \bar k$, $(\Xi M)\bar h\bar n\bar 0 \to^*_s P\bar k$, for some $P \in \Lambda$.

Proof. By Lemma 12.2. □

Lemma 15.

Let $h : \mathbb{N}^2 \to \mathbb{N}$ be a $v$-definable total recursive function. Then the following function is $v$-definable:

$$f(x) = \mu y[h(x, y) = 0].$$

Proof. Trivial, by using the previous lemmas.
Abstract. We consider the job shop scheduling problem unit-$J_m$, where each job is processed once on each of $m$ given machines. The execution of any task on its corresponding machine takes exactly one time unit. The objective is to minimize the overall completion time, called makespan. The contributions of this paper are the following results: (i) For any input instance of unit-$J_m$ with $d$ jobs, the makespan of an optimum schedule is at most $m + o(m)$, for $d = o(\sqrt m)$. For $d = o(\sqrt m)$ this improves on the upper bound $O(m + d)$ given in [LMR99] with a constant equal to two as shown in [S98]. For $d = 2$ the upper bound is improved to $m + \lceil\sqrt m\rceil$. (ii) There exist input instances of unit-$J_m$ with $d = 2$ such that the makespan of an optimum schedule is at least $m + \lceil\sqrt m\rceil$, i.e., the result (i) cannot be improved for $d = 2$. (iii) We present a randomized on-line approximation algorithm for unit-$J_m$ with the best known approximation ratio for $d = o(\sqrt m)$. (iv) A deterministic approximation algorithm for unit-$J_m$ is described that works in quadratic time for constant $d$ and has an approximation ratio of $1 + 2^d/\lfloor\sqrt m\rfloor$ for $d \le 2\log_2 m$.



1 Introduction

Minimizing the makespan for general job shop scheduling is one of the fundamental optimization problems. It is NP-hard, and Williamson et al. [WHH97] proved that the minimum makespan is not even approximable in polynomial time within $5/4 - \varepsilon$ for any $\varepsilon$. Moreover, no constant approximation algorithm is known, see Goldberg et al. [GPSS97] and Shmoys et al. [SSW94].

Many job shop scheduling models have been identified as having a number of practical applications. But even severely restricted models remain strongly NP-hard. In this paper, we consider a problem setting that relates to finding optimum schedules for routing packets through a network, see [LMR99]. It is a well-studied version of job shop scheduling with $m$ different machines and unit length tasks, denoted by unit-$J_m$. There are $d$ jobs $J_1, J_2, \ldots, J_d$ for some integer $d \ge 2$. Each job consists of a sequence of $m$ tasks, such that each machine processes exactly one task of the job. Therefore, for each job the order of the tasks $\sigma_1, \sigma_2, \ldots, \sigma_m$ determines a permutation of the $m$ machines, where $\sigma_i$ requires processing on the $i$-th machine. As in the general job shop, each machine can process only one task at a time and each job must be executed on the machines in the order given by its permutation. A feasible schedule is an assignment of starting times to tasks that satisfies all stated restrictions. The makespan of a schedule is the maximum over the completion times of all jobs. The objective is to minimize the makespan over all feasible schedules. The problem unit-$J_m$ is NP-hard for $m \ge 3$, see Lenstra and Rinnooy Kan [LR79].

The algorithm of Goldberg et al. [GPSS97] improved a result of Shmoys et al. [SSW94] and provides an approximation ratio $O((\log_2 m)/(\log_2\log_2 m)^{\ldots})$ for unit-$J_m$. Instances with two jobs have been shown by Brucker [B88] to be solvable in linear time. Later, we shall see that a straightforward extension of this algorithm leads to an $O(m^d)$ time algorithm for any input instance of unit-$J_m$ with $d$ jobs. Leighton et al. [LMR99] proved that there always exists a schedule with makespan $O(m + d)$. This provides a randomized constant approximation algorithm for this problem. The constant is equal to two and was determined by Scheideler [S98]. Feige and Scheideler [FS98] proved that the bound does not extend to the case of arbitrary task lengths.

In this paper, we analyze the hardest input instances of unit-$J_m$. As already mentioned, finding the optimal makespan of job shop instances with two jobs is solvable in linear time. Therefore, in this paper the term hard instance is used in the sense of makespan length only. Our observations lead to the design of a randomized on-line algorithm that solves unit-$J_m$ with $d$ jobs in linear time with an expected approximation ratio that tends to 1 for $d = o(\sqrt m)$. The contributions of this paper can be formulated as follows.

1. The makespan of an optimum schedule is at most

$$m + 2d\sqrt m;$$

this amounts to $m + o(m)$ for every problem instance of unit-$J_m$ with $d = o(\sqrt m)$ jobs, and thus for this case improves on the upper bound $O(m + d)$ derived by Leighton et al. [LMR99]. For $d = 2$ we prove the stronger upper bound $m + \lceil\sqrt m\rceil$.

2. There exist input instances of unit-$J_m$ with two jobs such that every schedule has a makespan of at least

$$m + \sqrt m.$$

Hence, the result (i) cannot be improved for $d = 2$.

3. For every positive integer $m$, there is a randomized on-line approximation algorithm that solves unit-$J_m$ in linear time with an expected approximation ratio which amounts to $1 + o(1)$ for $d = o(\sqrt m)$. These results demonstrate an extreme power of randomness for unit-$J_m$ for several reasons. First of all, our randomized on-line algorithm is competitive with respect to the makespan of an optimum solution. For $d = o(\sqrt m)$ the algorithm is the best approximation algorithm for unit-$J_m$. We do not know any off-line polynomial-time approximation algorithm with an approximation ratio that would tend to 1 for $d = o(\sqrt m)$ with growing $m$. Moreover, no deterministic on-line algorithm can achieve a makespan better than $d \cdot (m - 1)/\log_2 d$ [LMR99].

4. We present a deterministic approximation algorithm that is efficient at least for small $d$'s in comparison with $m$. Its run-time is quadratic in $m$ for constant $d$, and it has an approximation ratio of at most

$$1 + \frac{2^d}{\lfloor\sqrt m\rfloor},$$

which tends to 1 with growing $m$ for $d = o(\log_2 m)$.

The paper is organized as follows. Section 2 presents a geometrical representation of the input instances of unit-$J_m$ that is essential for a transparent analysis of unit-$J_m$. In Section 3 we present some hard input instances with two jobs only. Section 4 shows the existence of efficient schedules for all input instances of unit-$J_m$. In Section 5 the randomized algorithm with the properties described in (iii) is given. Our deterministic approximation algorithm is presented in Section 6.



2 A Geometrical Representation of Instances 

We start with the representation of input instances with two jobs that was 
employed in [B88] to design a linear time algorithm for this special case of 
unit—Jm- 

Let (*i, ... ,im) and (ji, ... ,jm) be two permutations of (1,2, ... ,m) 
that represent the input instance ... ,cri^), ... of 

unit—Jm. We consider a grid Gm of size m x m, where for all k, I G {1, . . . , m} 
the fc-th row of Gm is labeled by jk and the l-th. column of Gm by ij. A pair (fc, Z), 
i.e., the intersection of the fc-th row and the Z-th column, is called an obstacle, if 
and only if ii = j^. The corresponding square is depicted by a black box. 

Fig. la illustrates the Gg of the input instance with two jobs that are given by 
the two permutations (1, 2, 3, 4, 5, 6, 7, 8, 9) and (1, 3, 2, 6, 5, 4, 8, 7, 9). The term 
obstacle is motivated by the following observation. Assume that the first job has 
executed its first Z — 1 tasks and the second job its first fc — 1 tasks. If q = jk, 
then both tasks ai, and CTjj, require the same machine and therefore, only one of 
the two jobs can continue its execution in the next time unit and the other one 
is delayed. Otherwise, both jobs can proceed simultaneously. 

We assign to the grid $G_m$ the graph $\mathrm{Graph}(G_m) = (V, E)$, where $V$ consists of all vertices of the grid and the set $E$ includes all orthogonal edges of the grid. Additionally, $E$ contains diagonal edges that connect the upper-left corner with the lower-right corner of a grid square that is not an obstacle. Fig. 1b shows the corresponding $\mathrm{Graph}(G_9)$ of the $G_9$ given in Fig. 1a. Any feasible schedule is represented by a path from the upper-left corner of $G_9$ to the lower-right corner of $G_9$. The path consists of edges of $\mathrm{Graph}(G_9)$, where each edge represents one unit of time. A vertical grid edge indicates that in this time unit a task of the first job is delayed; a horizontal grid edge indicates a delay of a task of the second job; a diagonal edge tells that both jobs are processed at the same time with no delay.

An optimum schedule corresponds to a shortest path from the upper-left corner $a$ to the lower-right corner $b$. The bold polygonal line in Fig. 1 represents an optimum schedule of our example. In the schedule, there are 6 delays that are equally distributed between the two jobs. Therefore, the makespan of the illustrated schedule is $m + 6/2 = 9 + 3 = 12$.

Let $S$ be a schedule of an instance with two jobs. The number of vertical edges of the path representing $S$ is called the delay of the first job according to $S$, and the number of horizontal edges of $S$ is called the delay of the second job according to $S$. The delay of $S$ is the maximum over these two delays. Obviously, the makespan of $S$ is exactly the sum of $m$ and the delay of $S$. For later use, we denote by $\mathrm{sum\text{-}delay}(S)$ the sum of the delays of the jobs according to $S$.





Fig. 1. A hard input instance of unit-$J_m$ with two jobs and nine machines: (a) the grid $G_9$, (b) $\mathrm{Graph}(G_9)$



We outline the extension of this representation for an arbitrary number $d$ of jobs. In this case we have a $d$-dimensional grid $G_m^d$ that contains $d$-dimensional grid cells. Again, the unit intervals of each axis are labeled by the tasks according to the sequence of machines of the corresponding job. A label $i$ of some axis determines a $(d-1)$-dimensional subgrid of $G_m^d$. The intersection of two such different subgrids with labels $i$ is a $(d-2)$-dimensional subgrid of grid hypercubes that are obstacles in the following sense. If $d'$ and $d''$ are the dimensions in which the common label $i$ defining the obstacles occurs, then any diagonal of a grid square $Q$ in the intersection is forbidden whose projection on dimensions $d'$ and $d''$ is a diagonal (and all others are allowed w.r.t. this intersection). In particular, the main diagonal of such a square $Q$ (that corresponds to the execution of all tasks determined by the coordinates of this grid square $Q$) is forbidden, and so are the diagonals of the surface of $Q$ that correspond to the intersection. For instance, if $Q$ is part of the intersection of $q$ $(d-1)$-dimensional subgrids determined by the same task $\sigma_i$ and $q$ different axes, then to go from the "lowest" corner of $Q$ to the opposite corner of $Q$ requires at least $q$ time units: since in this case $q$ tasks request the same machine, this congestion can be resolved by $q$ subsequent steps only. Fig. 2 gives an example of such an obstacle in the 3-dimensional case.




Fig. 2. An obstacle in the 3-dimensional case 



Again, any optimum schedule corresponds to a shortest path between the two extreme corners of the grid. Therefore, for any constant $d$ we get a polynomial-time algorithm for input instances with $d$ jobs. The notions delay of $S$ and $\mathrm{sum\text{-}delay}(S)$ can be extended for $d > 0$ jobs in a straightforward way.

3 Some Hard Instances

The aim of this section is to construct some of the hardest problem instances with two jobs, i.e., instances where the optimum schedule has a maximum number of delays. Let $\mathrm{makespan}(I)$ denote the length of an optimum schedule for the problem instance $I$ in what follows.

Lemma 1. For every $m = \binom{k+1}{2}$, $k$ a positive integer, there exists an input instance $I_k$ of two job unit-$J_m$ such that

$$\mathrm{makespan}(I_k) \ge m + k/2.$$

Proof: Let $I_k = (J_1, J_2)$, where

$$J_1 = w_1, w_2, \ldots, w_k, \qquad J_2 = w_1^R, w_2^R, \ldots, w_k^R,$$

with $w_i$ denoting a subsequence of tasks (represented by integers for the respective machine numbers), and $w_i^R$ denoting the reverse of $w_i$.

The subsequences $w_i$ and $w_i^R$, with $i = 1, \ldots, k$, are defined as

$$w_i = \binom{i}{2} + 1, \binom{i}{2} + 2, \ldots, \binom{i}{2} + i, \qquad w_i^R = \binom{i}{2} + i, \ldots, \binom{i}{2} + 1.$$

Observe that $w_i$ is a sequence of $i$ integers, for $i = 1, \ldots, k$, and that $J_1 = 1, 2, \ldots, m$. An example for $m = 10 = \binom{5}{2}$ is

$$J_1 = [1], [2, 3], [4, 5, 6], [7, 8, 9, 10], \qquad J_2 = [1], [3, 2], [6, 5, 4], [10, 9, 8, 7].$$

In the full proof (in the Appendix for the convenience of the reader) we show that every schedule on $I_k$ contains at least $k$ delays, i.e., every shortest path contains at least $k$ orthogonal grid edges. Note that this is sufficient to prove our result because it implies that at least one of the jobs $J_1$ and $J_2$ is delayed by at least $k/2 \ge \sqrt{m/2} - 1/2$ time units and therefore, the makespan must be at least $m + k/2$. □

Consider an input instance $I'_k = (\pi_1, \pi_2)$, for $m = k^2$, $k$ a positive integer, where

$$\pi_1 = w_1, w_2, \ldots, w_k, u_{k-1}, u_{k-2}, \ldots, u_1,$$

$$\pi_2 = $$

where the $w_i$ have the same meaning as before, and $u_l$ is a sequence of $l$ tasks for $l = 1, \ldots, k - 1$, with $u_l^R$ denoting the reverse of $u_l$. The example of $I'_3$ for $\pi_1 = 1, 2, \ldots, m$ is given in Fig. 1. An extension of the analysis presented in Lemma 1 leads to the following result.

Lemma 2. For every $m = k^2$, $k$ a positive integer,

$$\mathrm{makespan}(I'_k) \ge m + \sqrt{m} = m + k.$$

Proof: To prove the Lemma we show (in the Appendix, for the convenience of the reader) that every shortest path between the two opposite corners of the grid contains at least $2 \cdot k$ orthogonal grid edges; this implies that at least one of the two jobs is delayed by at least $k = \sqrt{m}$ time units and therefore, the makespan must be at least $m + \sqrt{m}$. □
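As an added illustration (example code, not part of the original paper), the two-job grid of Section 2 and the hard instances of Section 3 in Python: obstacles are the squares $(x, y)$ whose two tasks request the same machine, an optimum schedule is a shortest path in $\mathrm{Graph}(G_m)$ found by breadth-first search, and the generators build $I_k$ from the blocks $w_i$ and the instance $(\pi_1, \pi_2)$ of Lemma 2. The layout of $\pi_2$ as the blockwise reverse of $\pi_1$ is an assumption of the example that reproduces the instance of Fig. 1 for $k = 3$; the function names are the example's own.

```python
from collections import deque
from itertools import chain


def obstacles(job1, job2):
    """Grid squares (x, y) where the x-th task of job1 and the y-th task of job2
    (0-based) request the same machine; there is exactly one obstacle per machine."""
    return {(x, y) for x, a in enumerate(job1) for y, b in enumerate(job2) if a == b}


def optimum_two_jobs(job1, job2):
    """Exact optimum for two unit-task jobs as a shortest path in Graph(G_m).

    Vertex (x, y) = number of tasks finished by job1 / job2.  A horizontal edge
    delays job2, a vertical edge delays job1, a diagonal edge lets both jobs run
    and is allowed only if square (x, y) is not an obstacle.  Every edge is one
    time unit, so breadth-first search yields the optimum makespan.
    Returns (makespan, delay of job1, delay of job2)."""
    m = len(job1)
    assert sorted(job1) == sorted(job2) == list(range(1, m + 1))
    blocked = obstacles(job1, job2)
    start, goal = (0, 0), (m, m)
    parent = {start: None}
    queue = deque([start])
    while queue:
        x, y = queue.popleft()
        if (x, y) == goal:
            break
        moves = []
        if x < m:
            moves.append((x + 1, y))            # horizontal: job2 idles
        if y < m:
            moves.append((x, y + 1))            # vertical: job1 idles
        if x < m and y < m and (x, y) not in blocked:
            moves.append((x + 1, y + 1))        # diagonal: both jobs run
        for nxt in moves:
            if nxt not in parent:
                parent[nxt] = (x, y)
                queue.append(nxt)
    # Walk the shortest path back and classify its edges.
    v, delay1, delay2, length = goal, 0, 0, 0
    while parent[v] is not None:
        px, py = parent[v]
        if v[0] == px:
            delay1 += 1                         # vertical edge
        elif v[1] == py:
            delay2 += 1                         # horizontal edge
        length += 1
        v = parent[v]
    return length, delay1, delay2


def w(i):
    """Block w_i = C(i,2)+1, ..., C(i,2)+i from the proof of Lemma 1."""
    base = i * (i - 1) // 2
    return list(range(base + 1, base + i + 1))


def lemma1_instance(k):
    """I_k = (J_1, J_2): J_1 = w_1 ... w_k, J_2 = w_1^R ... w_k^R, so m = C(k+1, 2)."""
    j1 = list(chain.from_iterable(w(i) for i in range(1, k + 1)))
    j2 = list(chain.from_iterable(reversed(w(i)) for i in range(1, k + 1)))
    return j1, j2


def lemma2_instance(k):
    """(pi_1, pi_2) with m = k^2: pi_1 = w_1..w_k, u_{k-1}..u_1, labelled so that
    pi_1 = 1..m.  Assumption of this example: pi_2 reverses every block of pi_1,
    which is how the instance of Fig. 1 (k = 3) arises."""
    blocks = [w(i) for i in range(1, k + 1)]
    nxt = k * (k + 1) // 2 + 1
    for l in range(k - 1, 0, -1):               # u_{k-1}, ..., u_1: l tasks each
        blocks.append(list(range(nxt, nxt + l)))
        nxt += l
    pi1 = list(chain.from_iterable(blocks))
    pi2 = list(chain.from_iterable(reversed(b) for b in blocks))
    return pi1, pi2


if __name__ == "__main__":
    pi1, pi2 = lemma2_instance(3)               # the nine-machine instance of Fig. 1
    print(pi1, pi2, optimum_two_jobs(pi1, pi2))  # makespan 12 = 9 + 3, as in Fig. 1
```

For the instance of Fig. 1 the search returns makespan 12 with three delays per job, matching the bold path of the figure and the bound of Lemma 2; for $I_4$ ($m = 10$) it returns 12, i.e., $m + k/2$ from Lemma 1 is attained there.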

4 Upper Bounds on the Number of Delays 

In this section, we show that any input instance of unit-$J_m$ can be scheduled with $2 \cdot d \cdot \sqrt{m}$ delays for $d = o(\sqrt{m})$, as compared with the lower bound on the makespan. This improves on the upper bound $O(m + d)$ [LMR99] for $d = o(m)$.

First, we give the upper bound for two jobs. Note that this upper bound meets the lower bound of Lemma 2.

Lemma 3. For every positive integer $m$, any two job problem instance $I$ of unit-$J_m$ satisfies

$$\mathrm{makespan}(I) \le m + \lceil \sqrt{m} \rceil.$$




Fig. 3. The considered diagonals of $G_m$



Proof: For simplicity we present the proof for the case $m = k^2$ only. To do this we use the geometric representation. In what follows, for $i = 0, 1, \ldots, \sqrt{m}$, the diagonal $D_i$ of the grid $G_m$ is the diagonal going from the position $(0, i)$ to the position $(m - i, m)$; similarly, diagonal $D_{-i}$ goes from $(i, 0)$ to $(m, m - i)$, see Fig. 3.

For each $i \in \{-\sqrt{m}, \ldots, 0, \ldots, \sqrt{m}\}$ we associate a schedule $S(D_i)$ to diagonal $D_i$. The schedule $S(D_i)$ uses first $|i|$ orthogonal grid edges to reach the beginning of the diagonal $D_i$, then it runs via this diagonal and avoids each obstacle on this diagonal by one horizontal move and one vertical move. Finally, it uses $|i|$ grid edges on the border of $G_m$ in order to reach $(m, m)$. Observe that the makespan of this schedule is exactly

$$m + |i| + \text{the number of obstacles at } D_i$$

because the length of $D_i$ is $m - |i|$ and the schedule uses $2 \cdot |i|$ steps to reach and to leave this diagonal. Therefore, the delay of the schedule $S(D_i)$ is $|i|$ plus the number of obstacles at $D_i$. The sum of all delays over all $2\sqrt{m} + 1$ considered schedules $S(D_i)$ is at most

$$\sum_{i = -\sqrt{m}}^{\sqrt{m}} |i| + m = m + 2 \cdot \sum_{i = 1}^{\sqrt{m}} i = m + \sqrt{m} \cdot (\sqrt{m} + 1)$$

because the number of all obstacles in the whole $G_m$ is exactly $m$, the number of machines$^1$. Since the average delay over all $2 \cdot \sqrt{m} + 1$ considered schedules is

$$\frac{m + \sqrt{m} \cdot (\sqrt{m} + 1)}{2 \cdot \sqrt{m} + 1} \le \sqrt{m},$$

there must exist a schedule that has delay at most $\sqrt{m}$. □

Now, we extend Lemma 3 to all input instances, i.e., any number of jobs.

Theorem 1. For every positive integer $m$, and every instance $I$ of unit-$J_m$ with $d = o(\sqrt{m})$ jobs, the length of any optimum schedule can be bounded from above by

$$\mathrm{makespan}(I) \le m + 2d\sqrt{m} = m + o(m).$$



Proof: The idea of the proof is to generalize the case with $d = 2$ to any dimension. We can view the $d$-dimensional $m \times m \times \ldots \times m$ grid $G_{m,d}(I)$ as a subgrid of an infinite $d$-dimensional grid. We consider the following set $\mathcal{D}$ of diagonals that are parallel to the main diagonal of $G_{m,d}(I)$ that starts in the point $(0, 0, \ldots, 0)$ and ends in $(m, m, \ldots, m)$: We take every diagonal with a starting point $(i_1, i_2, \ldots, i_d)$, where there is exactly one $j \in \{1, \ldots, d\}$ such that $i_j = 0$, and $0 > i_b \ge -r$ for $b \in \{1, \ldots, d\} - \{j\}$ and some $m > r > 0$. Let $D(i_1, i_2, \ldots, i_d)$ denote the diagonal starting in $(i_1, i_2, \ldots, i_d)$ that ends in the point $(i_1 + m + a, i_2 + m + a, \ldots, i_d + m + a)$, where $a = \max\{|i_c| \mid c \in \{1, \ldots, d\}\} \le r$. Every diagonal $D(i_1, i_2, \ldots, i_d)$ corresponds to a job schedule where the $j$-th job is postponed by $|i_j|$ time units with respect to jobs starting with the delay 0. If this schedule reaches the final point $(i_1 + m + a, i_2 + m + a, \ldots, i_d + m + a)$ then all jobs were completely executed because $i_j + m + a \ge m$ for all $j \in \{1, \ldots, d\}$.

$^1$ Therefore, in the worst case, all obstacles of $G_m$ lie on the $2k + 1$ diagonals, see Fig. 3.

Obviously, the number of all such diagonals is exactly

$$d \cdot r^{d-1}. \qquad (1)$$

Note that one could consider also diagonals with starting points containing several 0 elements, but this makes the calculation more complex and the achieved gain is negligible.

Similarly, as in the 2-dimensional case, we calculate an upper bound on the total delay of all schedules. This bound can be obtained as the sum of an upper bound on the sum of the lengths of all diagonals and of an upper bound on the number of all delays occurring on these diagonals.

Because the starting points of all diagonals in $\mathcal{D}$ lie on the bounding surface of the grid, translated by $m$ diagonally, and because at the end at most $r$ extra diagonal steps are added, the length of each described diagonal is bounded from above by $m + r$. Because of (1) the sum of the lengths of all diagonals is at most

$$d \cdot r^{d-1} \cdot (m + 2r). \qquad (2)$$

Now, we count the number of possible delays. The $d$ axes of the subgrid $G_{m,d}(I)$ are labeled by the $d$ jobs. A label $\sigma_i$ on an axis determines a $(d-1)$-dimensional subgrid of $G_{m,d}(I)$ of $m^{d-1}$ $d$-dimensional unit grid cubes. An intersection of two such subgrids determined by the same label $\sigma_i$ on two different axes is a $(d-2)$-dimensional subgrid of $d$-dimensional unit grid cubes. Observe that the inner diagonal of any unit grid cube induced by this intersection subgrid as well as the corresponding diagonal on the surface of this unit grid cube are forbidden, for any schedule. Therefore, any of our diagonal schedules containing such a unit grid cube will get a delay. Obviously, if $q$ $(d-1)$-dimensional subgrids labeled by $\sigma_i$ meet in one unit grid cube, the diagonal schedule containing such a grid cube must use $q - 1$ additional steps to avoid this obstacle.

We calculate the total number of delays as the sum of the number of delays caused by pairs of $(d-1)$-dimensional subgrids with the same label. We start with the following technical fact (whose proof is in the Appendix for the convenience of the reader):

Fact 1. The intersection of every pair of $(d-1)$-dimensional subgrids determined by the same task $\sigma$ affects at most

$$(d - 1) \cdot r^{d-2}$$

diagonals of $\mathcal{D}$, each of them in exactly one unit grid cube.

Since we have $m$ tasks in each of the $d$ jobs and $\binom{d}{2}$ pairs of axes (jobs), the number of schedule delays on all $d \cdot r^{d-1}$ diagonals is at most

$$m \cdot \binom{d}{2} \cdot (d - 1) \cdot r^{d-2}. \qquad (3)$$

Therefore, the average number of delays per diagonal is at most

$$\frac{m \cdot \binom{d}{2} \cdot (d - 1) \cdot r^{d-2}}{d \cdot r^{d-1}} = \frac{m \cdot (d - 1)^2}{2 \cdot r}.$$

Since the length of every diagonal is bounded by $m + 2r$, the average makespan over all diagonal strategies in $\mathcal{D}$ is bounded by

$$m + 2r + \frac{m(d - 1)^2}{2r} \le m + 2r + \frac{m d^2}{2r}. \qquad (4)$$

Choosing $r = d\sqrt{m}/2$ we obtain an average makespan over our $d \cdot r^{d-1}$ diagonal strategies of at most

$$m + 2d\sqrt{m}.$$

Thus, there must exist at least one diagonal strategy with a makespan of at most $m + 2d\sqrt{m} = m + o(m)$ for $d = o(m^{1/2})$. □



Corollary 1. For every positive integer $m$ and every instance $I$ of unit-$J_m$ with $d \le m^{1/2 - \varepsilon}$ jobs, with $0 < \varepsilon < 1/2$, the makespan of any optimal schedule can be bounded from above by

$$\mathrm{makespan}(I) \le m + 2m^{1 - \varepsilon}.$$

Proof: We choose $r$ of order $m^{1 - \varepsilon}$ and insert it into (4). Then we have

$$m + 2r + \frac{m(d - 1)^2}{2r} \le m + 2m^{1 - \varepsilon}. \qquad □$$

Since the best known upper bound on the makespan is $2(m + d) \ge 2m$, our upper bound is an improvement for $d = o(m)$.



5 A Randomized On-Line Approximation Algorithm

We propose the following randomized on-line algorithm for unit-$J_m$.

Algorithm OLR$_m$

Input: The number of jobs $d$ and the number of machines $m$ are known initially and $d = o(m^{1/2})$. The tasks of the jobs are presented one by one, within each job in the order of their occurrence, and in arbitrary order across the jobs.

Step 1: Choose uniformly a diagonal $D$ at random from $\mathcal{D}$, i.e., generate the start coordinates of a diagonal from $\mathcal{D}$ at random by following Theorem 1.

Step 2: Apply the schedule determined by Step 1 by avoiding the obstacles as they appear.

Theorem 2. The randomized on-line algorithm OLR$_m$ for unit-$J_m$

1. has an expected competitive ratio of at most $1 + 2d/\sqrt{m}$, that is, $1 + o(1)$ if $d = o(\sqrt{m})$, and

2. runs in linear time.



Proof: First we prove (ii). We have an input of length $m \cdot d$. A number $d \cdot \lceil \log_2(d\sqrt{m}/2) \rceil$ of random bits is sufficient to determine a diagonal and therefore, Step 1 can be executed in linear time. It is straightforward to follow a given path for actual jobs (using diagonals whenever possible) in linear time.

Now, we prove (i). Since the average makespan over all schedules determined by the diagonals from $\mathcal{D}$ is at most $m + 2d\sqrt{m}$, and the optimum makespan is at least $m$, the expected approximation ratio of OLR is at most

$$\frac{m + 2d\sqrt{m}}{m} = 1 + \frac{2d}{\sqrt{m}}. \qquad □$$

Therefore, OLR is $(1 + 2d/\sqrt{m})$-competitive w.r.t. optimum schedules. Note that no (randomized) polynomial-time algorithm with an approximation ratio tending to 1 for $d = o(m^{1/2})$ with growing $m$ has been known before. For $d < \sqrt{m}/2$ our algorithm is better than the 2-approximation algorithm of Leighton et al. [LMR99]. Moreover, OLR$_m$ shows nicely the power of randomization, because every deterministic on-line algorithm for unit-$J_m$ has its competitive ratio at least $\Omega(d / \log_2 d)$ [LMR99].
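The diagonal strategies of Lemma 3 and Theorem 1 and the algorithm OLR$_m$, as an added example in Python (not the paper's code). A diagonal is given by the grid step at which each job starts; following it with obstacle avoidance charges a grid step $q$ time units when $q$ started jobs ask for the same machine, so for two jobs the makespan is exactly $m + |i|$ plus the obstacles on $D_i$. The rounding $r = \lceil d\sqrt{m}/2 \rceil$, the seeding of the random choice and the function names are assumptions of the example; the averaging over the whole set $\mathcal{D}$ checks the bound of Theorem 1 on the instance of Fig. 1.

```python
import math
import random
from collections import Counter
from itertools import product


def surface_obstacles(ja, jb, delta):
    """Obstacles on the diagonal of the 2-dimensional surface (ja, jb) with relative
    delay delta: while ja runs its task x, jb runs its task x - delta."""
    m = len(ja)
    return sum(1 for x in range(m) if 0 <= x - delta < m and ja[x] == jb[x - delta])


def diagonal_makespan(jobs, starts):
    """Makespan of the diagonal strategy in which job b starts at grid step starts[b]
    (at least one job starts at step 0) and obstacles are avoided as they appear.
    In every grid step each started, unfinished job advances by one task; if q such
    jobs request the same machine the step costs q time units (the q tasks run one
    after the other), otherwise one.  For d = 2 this is exactly S(D_i) of Lemma 3."""
    m = len(jobs[0])
    assert min(starts) == 0 and all(len(j) == m for j in jobs)
    makespan = 0
    for step in range(m + max(starts)):
        active = [jobs[b][step - s] for b, s in enumerate(starts) if 0 <= step - s < m]
        makespan += max(Counter(active).values(), default=0)
    return makespan


def lemma3_best_diagonal(j1, j2):
    """Lemma 3: among the 2*floor(sqrt m)+1 diagonals D_i pick the one whose schedule
    S(D_i) has the smallest delay |i| + (obstacles on D_i).  Returns (delay, starts)."""
    m, s = len(j1), math.isqrt(len(j1))
    best = None
    for i in range(-s, s + 1):
        starts = (0, i) if i >= 0 else (-i, 0)   # job 2 (resp. job 1) postponed by |i|
        delay = abs(i) + surface_obstacles(j1, j2, i)
        assert diagonal_makespan((j1, j2), starts) == m + delay   # the makespan formula
        if best is None or delay < best[0]:
            best = (delay, starts)
    return best


def olr(jobs, seed=0):
    """Algorithm OLR_m.  Step 1 draws a diagonal uniformly from the set D of Theorem 1:
    one job starts at step 0, every other job is postponed by 1..r steps.  Assumption
    of this example: r = ceil(d*sqrt(m)/2) and a seeded generator (the paper uses
    r = d*sqrt(m)/2).  Step 2 follows the diagonal, resolving collisions as they
    appear.  Returns (makespan, starts)."""
    rng = random.Random(seed)
    d, m = len(jobs), len(jobs[0])
    r = math.ceil(d * math.sqrt(m) / 2)
    j = rng.randrange(d)
    starts = tuple(0 if b == j else rng.randint(1, r) for b in range(d))
    return diagonal_makespan(jobs, starts), starts


def average_over_D(jobs, r):
    """Average makespan over all d*r^(d-1) diagonals of D; Theorem 1 bounds it by
    m + 2*d*sqrt(m) for r = d*sqrt(m)/2."""
    d = len(jobs)
    total, count = 0, 0
    for j in range(d):
        for rest in product(range(1, r + 1), repeat=d - 1):
            it = iter(rest)
            starts = tuple(0 if b == j else next(it) for b in range(d))
            total += diagonal_makespan(jobs, starts)
            count += 1
    return total / count


FIG1 = ([1, 2, 3, 4, 5, 6, 7, 8, 9], [1, 3, 2, 6, 5, 4, 8, 7, 9])   # instance of Fig. 1

if __name__ == "__main__":
    print(lemma3_best_diagonal(*FIG1))          # delay 3, i.e. makespan 9 + 3 = 12
    print(olr(FIG1, seed=1))
    print(average_over_D(FIG1, 3))              # 12.0, below m + 2*d*sqrt(m) = 21
```

On the instance of Fig. 1 every diagonal $D_i$ with $|i| \le 3$ has delay exactly 3 (the obstacles thin out as $|i|$ grows), so the best two-job diagonal, every random choice of OLR$_m$ and the average over $\mathcal{D}$ all give makespan 12, the optimum established by Lemma 2.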

6 A Deterministic Approximation Algorithm

As we already observed, our grid representation provides an algorithm for input instances with $m$ machines and $d$ jobs. The complexity of this algorithm is too large even for constant $d$'s and it is not polynomial for $d$ growing with $m$. The aim of this section is to present an efficient approximation algorithm at least for small $d$ in comparison with $m$.

The idea is again to find a diagonal strategy, but in a deterministic way by looking on the $\binom{d}{2}$ 2-dimensional surfaces of $G_{m,d}(I)$ only. Remember that fixing a diagonal strategy is nothing else than fixing the relative delays between all pairs of jobs.

Algorithm SURFACE(I)

Input: $I = (J_1, J_2, \ldots, J_d)$, where $J_i$ is the $i$-th job, i.e., a permutation of $(1, 2, \ldots, m)$, and $d \le \frac{1}{2} \log_2 m$.
Step 1: If $d = 2$ take the best diagonal strategy from the $2\sqrt{m} + 1$ diagonal strategies with the relative delay between $J_1$ and $J_2$ bounded by $\sqrt{m}$. If $d > 2$, then apply SURFACE$(J_1, J_2, \ldots, J_{d-1})$ in order to find a diagonal strategy $D$ for $(J_1, J_2, \ldots, J_{d-1})$ that contains at most $2^{d-1} \cdot \lceil \sqrt{m} \rceil$ delays and for every $j \in \{2, \ldots, d - 1\}$ the relative delay between $J_1$ and $J_j$ is at most $\sqrt{m}$. (Observe that $D$ fixes the delay between any two of the first $d - 1$ jobs.)

Step 2: Fix consecutively the relative delays between $J_d$ and the jobs $J_1, J_2, J_3, \ldots, J_{d-1}$ in the following way:

(2.1) Set $S_1$ as the set of the best$^2$ $\lfloor \sqrt{m} \rfloor$ diagonal strategies from the $2 \cdot \lfloor \sqrt{m} \rfloor + 1$ diagonal strategies for the input instance $(J_1, J_d)$. ($S_1$ can be viewed as a set of relative delays from $\{-\lfloor \sqrt{m} \rfloor, \ldots, \lfloor \sqrt{m} \rfloor\}$ between $J_1$ and $J_d$ and together with $D$ it determines $\lfloor \sqrt{m} \rfloor$ diagonal strategies for $(J_1, J_2, \ldots, J_d)$.)

(2.2) Set $S_2$ as the set of the best $\lfloor \sqrt{m} \rfloor / 2$ diagonal strategies from the diagonal strategies of $S_1$ according to the input instance $(J_2, J_d)$.

(2.i) Set $S_i$ as the set of the best $\lfloor \sqrt{m} \rfloor / 2^{i-1}$ diagonal strategies from the diagonal strategies of $S_{i-1}$ according to the input instance $(J_i, J_d)$.

(2.d-1) Choose the best diagonal strategy $D'$ from $S_{d-2}$ according to $(J_{d-1}, J_d)$.

Output: The diagonal strategy $\bar{D}$ determined by $D$ and $D'$.

Theorem 3. For every input instance $I = (J_1, J_2, \ldots, J_d)$ of unit-$J_m$ with $d \le 2 \log_2 m$, the algorithm SURFACE(I)

(i) runs in time $O(d^2 m^2)$, and

(ii) has an approximation ratio of at most $1 + 2^d / \lfloor \sqrt{m} \rfloor$.

Proof: SURFACE(I) does nothing else than looking on all $\binom{d}{2}$ 2-dimensional surfaces of $G_{m,d}(I)$ in order to choose a set of convenient delays with respect to every pair of jobs. The size of each surface is $m^2$ and the choice of a group of the best diagonals from a given set of diagonals can be done in $O(m^2)$ time. Thus, the overall time is in $O(d^2 m^2)$.

To prove (ii) we first prove

(ii)' The diagonal strategy computed by the algorithm SURFACE(I) contains at most $2^d \cdot \lceil \sqrt{m} \rceil$ delays.

We prove (ii)' by induction on $d$. For $d = 2$ Lemma 3 guarantees at most $\lceil \sqrt{m} \rceil$ delays. Let (ii)' be true for $d - 1$, i.e., the strategy $D$ computed for $(J_1, J_2, \ldots, J_{d-1})$ in the first step of SURFACE(I) contains at most $2^{d-1} \cdot \lceil \sqrt{m} \rceil$ delays between the first $d - 1$ jobs. In Step (2.1) we look on the surface determined by $(J_1, J_d)$. Following Lemma 3 the average number per diagonal of obstacles on the main $2 \cdot \lfloor \sqrt{m} \rfloor + 1$ diagonals of this surface is at most

$$\frac{m}{2 \cdot \lfloor \sqrt{m} \rfloor + 1} \approx \frac{\lceil \sqrt{m} \rceil}{2}.$$

$^2$ with respect to the number of obstacles
So, there must exist a set $S_1$ of diagonals such that every diagonal of $S_1$ has at most $\lceil \sqrt{m} \rceil$ obstacles, i.e., at most twice the average. Observe that each of these diagonals from $S_1$ together with $D$ determines a diagonal strategy for the whole instance $I = (J_1, J_2, \ldots, J_d)$, where $J_1$ and $J_d$ have at most $\lceil \sqrt{m} \rceil$ delays. Thus, we have $|S_1| = \lfloor \sqrt{m} \rfloor$ candidates for the output. In Step (2.2) we choose the best $\lfloor \sqrt{m} \rfloor / 2$ from these candidates with respect to the obstacles for $J_2$ and $J_d$. Since these candidates can contain together at most $m$ obstacles, the average number of obstacles is $\lceil \sqrt{m} \rceil$, and so there exist $\lfloor \sqrt{m} \rfloor / 2$ diagonals each with at most $2 \cdot \lceil \sqrt{m} \rceil$ obstacles. In general, in Step (2.i) for $2 \le i \le d - 2$ we choose from the remaining $\lfloor \sqrt{m} \rfloor / 2^{i-2}$ candidates the best $\lfloor \sqrt{m} \rfloor / 2^{i-1}$ candidates with respect to the number of obstacles on the surface determined by $J_i$ and $J_d$. Each of the candidates of $S_i$ has at most $2^{i-1} \cdot \lceil \sqrt{m} \rceil$ obstacles between $J_i$ and $J_d$. The last Step (2.d-1) corresponds to the choice of the best diagonal $D'$ (with respect to the relation between $J_{d-1}$ and $J_d$) from $\lfloor \sqrt{m} \rfloor / 2^{d-3}$ candidates. The number of obstacles between $J_{d-1}$ and $J_d$ on $D'$ is bounded by the average

$$\frac{m}{\lfloor \sqrt{m} \rfloor / 2^{d-3}} = 2^{d-3} \cdot \lceil \sqrt{m} \rceil.$$

Let $\bar{D}$ be the resulting strategy for $I$. Thus, the overall number of obstacles between $J_d$ and all other jobs in $\bar{D}$ is at most

$$\sum_{i=1}^{d-2} 2^{i-1} \cdot \lceil \sqrt{m} \rceil = (2^{d-2} - 1) \cdot \lceil \sqrt{m} \rceil \le (2^{d-1} - 2) \cdot \lceil \sqrt{m} \rceil.$$

By the induction hypothesis the number of obstacles between the first $d - 1$ jobs is at most $2^{d-1} \cdot \lceil \sqrt{m} \rceil$ and therefore, the overall number of obstacles on all $\binom{d}{2}$ 2-dimensional surfaces is at most

$$(2^d - 2) \cdot \lceil \sqrt{m} \rceil.$$

Obviously, these obstacles together cause at most $(2^d - 2) \cdot \lceil \sqrt{m} \rceil$ delays when following the diagonal strategy $\bar{D}$. The length of $\bar{D}$ is at most $m + 2 \cdot \lceil \sqrt{m} \rceil$ because $\bar{D}$ was constructed in such a way that no relative delay between $J_1$ and any other job would be greater than $\lfloor \sqrt{m} \rfloor$ (i.e., the relative delay between any pair of jobs is at most $2 \cdot \lfloor \sqrt{m} \rfloor$). Thus, the schedule that follows $\bar{D}$ has a makespan of at most

$$m + 2 \cdot \lceil \sqrt{m} \rceil + (2^d - 2) \cdot \lceil \sqrt{m} \rceil \le m + 2^d \cdot \lceil \sqrt{m} \rceil.$$

Since the optimum makespan is at least $m$, the approximation ratio is at most

$$1 + \frac{2^d}{\lfloor \sqrt{m} \rfloor}. \qquad □$$

The main point is that SURFACE works in quadratic time for constant $d$ and can provide a good approximation ratio in that case. Observe that the approximation ratio of SURFACE(I) tends to 1 with growing $m$ for $d = o(\log_2 m)$.
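Algorithm SURFACE as an added Python example (not the paper's code): it decides the relative delays from the $\binom{d}{2}$ two-dimensional surfaces only, ranking candidate diagonals by their obstacle count as in footnote 2, and never touches the $d$-dimensional grid. The representation of a strategy by relative delays with respect to $J_1$, the tie-breaking by candidate order, the report function and the constructed random test instance are assumptions of the example.

```python
import math
import random


def surface_obstacles(ja, jb, delta):
    """Obstacles on the diagonal of the 2-dimensional surface (ja, jb) with relative
    delay delta: while ja runs its task x, jb runs its task x - delta."""
    m = len(ja)
    return sum(1 for x in range(m) if 0 <= x - delta < m and ja[x] == jb[x - delta])


def surface(jobs):
    """Algorithm SURFACE(I).  Returns rel, where rel[b] is the relative delay of J_{b+1}
    with respect to J_1 (rel[0] = 0); on the surface of (J_a, J_b) the strategy runs
    the diagonal with relative delay rel[b] - rel[a].  Step 1 recurses on the first
    d-1 jobs; Step 2 starts from the 2*floor(sqrt m)+1 candidate delays of J_d against
    J_1 and halves the candidate set against J_2, J_3, ... ("best" = fewest obstacles,
    footnote 2), keeping the single best one against J_{d-1}."""
    d, m = len(jobs), len(jobs[0])
    s = math.isqrt(m)
    if d == 1:
        return [0]
    rel = surface(jobs[:-1])                    # Step 1 (for d = 2 this is just [0])
    last = jobs[-1]
    cand = list(range(-s, s + 1))               # relative delays of J_d w.r.t. J_1
    keep = s                                    # |S_1| = floor(sqrt m)
    for a in range(d - 1):                      # Steps (2.1) ... (2.d-1)
        # on the surface (J_{a+1}, J_d) candidate delta means delay delta - rel[a]
        cand.sort(key=lambda delta: surface_obstacles(jobs[a], last, delta - rel[a]))
        cand = cand[:max(1, keep)]
        keep //= 2
    rel.append(cand[0])
    return rel


def strategy_report(jobs, rel):
    """Quantities the proof of Theorem 3 argues about: obstacles on all C(d,2) surfaces
    along the chosen diagonals, the largest relative delay between any pair of jobs,
    and the resulting makespan bound m + 2*ceil(sqrt m) + obstacles."""
    d, m = len(jobs), len(jobs[0])
    total = sum(surface_obstacles(jobs[a], jobs[b], rel[b] - rel[a])
                for a in range(d) for b in range(a + 1, d))
    pair_delay = max(abs(rel[b] - rel[a]) for a in range(d) for b in range(a + 1, d))
    return {"obstacles": total, "pair_delay": pair_delay,
            "bound": m + 2 * math.ceil(math.sqrt(m)) + total}


def random_instance(d, m, seed):
    """Constructed test input (not from the paper): d random permutations of 1..m."""
    rng = random.Random(seed)
    jobs = []
    for _ in range(d):
        p = list(range(1, m + 1))
        rng.shuffle(p)
        jobs.append(p)
    return jobs


FIG1 = ([1, 2, 3, 4, 5, 6, 7, 8, 9], [1, 3, 2, 6, 5, 4, 8, 7, 9])   # instance of Fig. 1

if __name__ == "__main__":
    print(surface(FIG1), strategy_report(FIG1, surface(FIG1)))   # [0, -3], 0 obstacles
    inst = random_instance(3, 16, 7)
    print(surface(inst), strategy_report(inst, surface(inst)))
```

For two jobs the algorithm reduces to picking the obstacle-free diagonal $D_3$ of Fig. 1; for any instance, the delay chosen for $J_d$ against $J_1$ lies in $S_1$, so its obstacle count against $J_1$ is at most the $\lfloor \sqrt{m} \rfloor$-th smallest of the $2\lfloor \sqrt{m} \rfloor + 1$ counts, which never exceeds $m / (\lfloor \sqrt{m} \rfloor + 2)$.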
7 Conclusions

For the job shop scheduling problem unit-$J_m$ we derived an upper bound on the makespan of optimum schedules that improves on the result given in [LMR99] for $d = o(m)$. We presented a randomized on-line approximation algorithm, competitive w.r.t. the makespan of an optimum solution, that solves unit-$J_m$ in linear time with an expected approximation ratio of $1 + 2d/\sqrt{m}$, which amounts to $1 + o(1)$ for $d = o(m^{1/2})$. For $d = o(m^{1/2})$ the algorithm is the best approximation algorithm for unit-$J_m$. Our deterministic approximation algorithm is efficient at least for small $d$'s in comparison with $m$. Its run-time is $O(d^2 m^2)$, and it has an approximation ratio of at most $1 + 2^d / \lfloor \sqrt{m} \rfloor$, which tends to 1 with growing $m$ for $d = o(\log_2 m)$. For the special case of unit-$J_m$ with two jobs, which is solvable in linear time, we have shown that there exist input instances such that every schedule has a makespan of at least $m + \sqrt{m}$. Therewith, we proved that our upper bound $m + \lceil \sqrt{m} \rceil$ on the makespan for $d = 2$ cannot be improved.
8 Appendix: Proofs

8.1 Proof of Lemma 1: The Remaining Part

Remaining part of the proof of Lemma 1: We prove by induction on $i$ that any schedule for the jobs $(w_1, w_2, \ldots, w_i)$ and $(w_1^R, w_2^R, \ldots, w_i^R)$ causes at least $i$ delays. To do so, we use the following induction hypothesis:

Any schedule for $I_i$, where one job is completed and for the other job a prefix of length $\binom{i+1}{2} - r$, for $r \le i$, is already processed ($r$ is called the relative delay), uses at least $i$ orthogonal grid edges (sum-delay is at least $i$), and it uses at least $i + 1$ orthogonal grid edges if the parities of $r$ and $i$ differ (i.e., $r$ is odd and $i$ is even, or $r$ is even and $i$ is odd).

Obviously, this is true for $i = 1$. Let the hypothesis be true for $i' = i - 1$.

Now, consider a prefix of a schedule $S$ for $I_i$, $i > 1$, and $i$ is odd. The case that $i$ is even is left to the reader. Let us consider the last time unit $t$ before the first task of $w_i$ or of $w_i^R$ will be executed. We distinguish between two possibilities according to the relative delay $r$ of the executions of the prefixes up to $t$ of $J_1$ to $J_2$ (i.e., the distance to the diagonal) in $\mathrm{Graph}(G_{\binom{i+1}{2}})$.

(i) Let the relative delay be at least $i'$, i.e., the distance to the main diagonal is $r \ge i'$. If $r \ge i' + 1 = i$, we are done. If $r = i'$, then one can use the diagonal edges only to execute $w_i$ or $w_i^R$, but because of the same parity of $r$ and $i'$ the induction hypothesis is satisfied. Since any change of the relative delay during the work on $w_i$ or $w_i^R$ causes a new delay, the hypothesis is true after processing $w_i$ or $w_i^R$ too.

(ii) Let the relative delay $r$ be at most $i'$. Then, following the induction hypothesis, the schedule contains in this moment at least $i'$ delays if $r$ is even, and at least $i' + 1$ delays if $r$ is odd. If $r$ is even, then it is sufficient to observe that it is impossible to reach the border of the grid by using diagonal edges only. This is because $w_i = \binom{i}{2} + 1, \ldots, \binom{i}{2} + i$ and $w_i^R = \binom{i}{2} + i, \ldots, \binom{i}{2} + 1$. Therefore, the execution of the $j$-th task of $w_i$ is an obstacle for the following sequence of diagonal edges running parallel to the main diagonal in the distance $i - 2j + 1$ (corresponding to relative delay $i - 2j + 1$) for $j = 1, \ldots, \lfloor i/2 \rfloor$. Hence, at least 1 additional delay is necessary, and two additional delays are necessary if the schedule finishes in the same distance $r$ from the diagonal. If $r$ is odd, and the schedule $S$ executes $w_i$ or $w_i^R$ by using diagonal edges only, we have $i$ "old" delays (induction hypothesis) and we are done. Obviously, if the distance to the diagonal changes, at least one additional delay occurs. □



8.2 Proof of Lemma 2: The Remaining Part

Remaining part of the proof of Lemma 2: We use the induction of the proof of Lemma 1 in the following way. The prefixes $\pi'_1 = w_1, w_2, \ldots, w_{k-1}$ and $\pi'_2 = w_1^R, w_2^R, \ldots, w_{k-1}^R$ of the instance $I'_k$ define an instance $I_{k'}$ considered in Lemma 1, with $k' = k - 1$. The suffixes $\pi''_1 = u_{k-1}, u_{k-2}, \ldots, u_1$ and $\pi''_2 = u_{k-1}^R, u_{k-2}^R, \ldots, u_1^R$ define the same instance in a symmetric way. We distinguish two cases.

(i) The relative delay $r$ caused by the prefix $(\pi'_1, \pi'_2)$ is $r \le k'$ and the parities of $k'$ and $r$ are the same. Then we know from Lemma 1 that any schedule of this prefix uses $k'$ orthogonal grid edges. However, in the case that the parities of $k'$ and $r$ are the same it is impossible to reach the border of the grid $G_{\binom{k+1}{2}}$ by using diagonal edges only. This is because of $w_k$ and $w_k^R$ and hence, at least 1 additional delay is necessary, and two additional delays are necessary if the schedule finishes in the same distance $r$ from the diagonal. After executing the tasks of $w_k$ and $w_k^R$ the schedule uses either $k' + 1 = k$ orthogonal grid edges and changes the parity of $r$ or it uses $k' + 2 = k + 1$ orthogonal grid edges and does not change the parity of $r$.

(ii) The relative delay $r$ caused by the prefix $(\pi'_1, \pi'_2)$ is $r \le k'$ and the parities of $k'$ and $r$ differ. Then we know from Lemma 1 that any schedule of this prefix uses $k' + 1$ orthogonal grid edges. In this case, the schedule can execute the tasks of $w_k$ and $w_k^R$ by using diagonal grid edges only and therefore, does not need to change the parity of $r$.

Now, if the parities of $r$ and $k'$ are the same and the schedule uses two additional delays to execute $w_k$ and $w_k^R$, then we have $k'$ delays for the prefix and $k'$ delays for the suffix, i.e., the sum-delay equals $2(k - 1) + 2 = 2k$. If the schedule uses only one additional delay to execute $w_k$ and $w_k^R$, then the parities of $r$ and $k'$ for the suffix differ. Hence, we have $k'$ delays for the prefix and $k' + 1$ delays for the suffix, i.e., the sum-delay equals $k + k - 1 + 1 = 2k$. The case that the parities of $r$ and $k'$ differ for the prefix is symmetrical. □



8.3 Proof of Fact 1

Proof of Fact 1: It is obvious that every $(d-1)$-dimensional subgrid determined by a task $\sigma$ intersects each of the diagonals of $\mathcal{D}$ in exactly one unit grid cube$^3$. Thus, it remains to bound the number of diagonals intersecting the $(d-2)$-dimensional subgrid considered.

The intersection $G_\sigma$ of two subgrids labeled by the same task $\sigma$ corresponds to a fixed relative delay between the execution of two jobs. If the task $\sigma$ is at the position $i$ on the $a$-th axis and at the position $j$ on the $b$-th axis, $j < i$, then the relative delay between the execution of the $a$-th job and the $b$-th job is $j - i$ for all diagonals intersecting $G_\sigma$.

Thus, we count the number of diagonals from $\mathcal{D}$ with the relative delay $j - i$ between the $a$-th and the $b$-th job. Since $\mathcal{D}$ is the union of all $\mathcal{D}_p$'s, where $\mathcal{D}_p$ contains all diagonals with the $p$-th element equal to 0 and all other elements different from 0, $p \in \{1, 2, \ldots, d\}$, we count the number of such diagonals in $\mathcal{D}_p$ for every $p$ separately.

$^3$ This is the cube that corresponds to the execution of the task $\sigma$ in the job determined by the considered axis.

Let $p \in \{1, 2, \ldots, d\} - \{a, b\}$. The intersection of $\mathcal{D}_p$ with $G_\sigma$ meets all the diagonals $D(c_1, c_2, \ldots, c_d)$ where $c_p = 0$ and $c_b = c_a + j - i$. One has $r$ possible choices for every position from the $d - 3$ positions of $\{1, 2, \ldots, d\} - \{p, a, b\}$, and at most $r - (i - j) < r$ choices for the $a$-th axis. The $b$-th axis is unambiguously determined by the $a$-th position. So, we have at most $r^{d-2}$ grid cubes in the intersection of $G_\sigma$ and $\mathcal{D}_p$ for $p \in \{1, 2, \ldots, d\} - \{a, b\}$. $G_\sigma$ meets exactly the diagonals $D(t_1, t_2, \ldots, t_d)$ of $\mathcal{D}_b$ that have $t_b = 0$ and $t_a = i - j$. The number of such diagonals$^4$ is exactly $r^{d-2}$. $G_\sigma$ does not intersect any diagonal from $\mathcal{D}_a$ because the diagonals $D(s_1, s_2, \ldots, s_d)$ in $\mathcal{D}_a$ have $s_a \ge s_u$ for every $u \in \{1, 2, \ldots, d\}$, i.e., the $a$-th job is executed as the first one and so it cannot be delayed with respect to any other job (including the $b$-th job). Thus, all together $G_\sigma$ intersects at most

$$(d - 1) \cdot r^{d-2}$$

diagonals. □

$^4$ with 2 fixed positions
Abstract. Most scheduling models assume that the jobs have fixed processing times. However, in real-life applications the processing time of a job often depends on the amount of resources such as facilities, manpower, funds, etc. allocated to it, and so its processing time can be reduced when additional resources are assigned to the job. A scheduling problem in which the processing times of the jobs can be reduced at some expense is called a scheduling problem with controllable processing times. In this paper we study the job shop scheduling problem under the assumption that the jobs have controllable processing times. We consider two models of controllable processing times: continuous and discrete. For both models we present polynomial time approximation schemes when the number of machines and the number of operations per job are fixed.



1 Introduction

Scheduling is one of the fundamental areas of combinatorial optimization. Many scheduling problems are known to be hard to solve optimally, thus, much of the research on these problems focuses on giving efficient approximation algorithms that produce solutions close to the optimum. Ideally, one hopes to obtain an algorithm that for any given $\varepsilon > 0$ produces in polynomial time a solution of value within a factor of $(1 + \varepsilon)$ of the optimum. Such an algorithm is called a polynomial time approximation scheme (PTAS).
Most classical scheduling models assume that in a scheduling problem the jobs to be scheduled have fixed processing times. However, in real-life applications the processing time of a job often depends on the amount of resources such as facilities, manpower, funds, etc. allocated to it, and so its processing time can be reduced when additional resources are assigned to the job. This accelerated processing of a job comes at a certain cost, though. A scheduling problem in which the processing times of the jobs can be reduced at some expense is called a scheduling problem with controllable processing times.

Scheduling problems with controllable processing times have gained importance in scheduling research since the early works of Vickson [14,15]. For a survey of this area until 1990, the reader is referred to [8]. More recent results include [2,3,10]. Two interesting related results are due to Trick [13] and Shmoys & Tardos [12]. They studied the scheduling of jobs with controllable processing times on unrelated machines. Trick [13] gave a 2.618-approximation algorithm for problem P3 (see below for the definition of problem P3) on unrelated machines. This was improved by Shmoys and Tardos [12] who designed a 2-approximation algorithm. Furthermore, they also found a 2-approximation algorithm for problem P1 (see below) on unrelated machines.

1.1 Job Shop Scheduling with Controllable Processing Times 

The job shop scheduling problem is a fundamental problem in Operations Research. In this problem there is a set $\mathcal{J} = \{J_1, \dots, J_n\}$ of jobs that must be processed by a set of $m$ machines. Every job $J_j$ consists of an ordered sequence of operations $O_{1j}, O_{2j}, \dots, O_{\mu j}$. Every operation $O_{ij}$ must be processed without interruption by machine $m_{ij}$ for $p_{ij}$ units of time. A machine can process only one operation at a time, and for any job at most one of its operations can be processed at any moment. The problem is to schedule the jobs so that the maximum completion time $T_{\max}$ is minimized. Time $T_{\max}$ is called the length or makespan of the schedule.

The job shop scheduling problem is considered to be one of the most difficult problems in combinatorial optimization, both from the theoretical and from the practical point of view. The problem is strongly NP-hard even if each job has at most three operations and there are only two machines [7]. Williamson et al. [16] show that the optimum solution of the problem cannot be approximated in polynomial time within a factor smaller than 5/4 unless P=NP. However, when $m$ and $\mu$ are fixed, Jansen et al. [5] designed a polynomial time approximation scheme for the problem.

Solving a scheduling problem with controllable processing times amounts to specifying a schedule $\sigma$ that indicates the starting times for the operations and a vector $\delta$ that gives their processing times and costs. We denote by $T(\sigma,\delta)$ the makespan of schedule $\sigma$ with processing times according to $\delta$, and we denote by $C(\delta)$ the total cost of $\delta$. The problem of scheduling jobs with controllable processing times is a bicriteria optimization problem for which we can define the following three natural optimization problems.



Job Shop Scheduling Problems with Controllable Processing Times   109

P1. Minimize $T(\sigma,\delta)$, subject to $C(\delta) \le \kappa$, for some given value $\kappa > 0$.

P2. Minimize $C(\delta)$, while ensuring that $T(\sigma,\delta) \le \tau$, for some given value $\tau > 0$.

P3. Minimize $T(\sigma,\delta) + \alpha\, C(\delta)$, for some given value $\alpha > 0$.

In this paper we consider two variants for each one of the three problems above. The first variant allows continuous changes to the processing times of the operations. The second assumes only discrete changes. In the case of continuously controllable processing times, we assume that the cost of reducing the time needed to process an operation is an affine function of the processing time. This is a common assumption made when studying problems with controllable processing times [12,13]. In the case of discretely controllable processing times, there is a finite set of possible processing times and costs for every operation $O_{ij}$. We observe that, since for problem P2 deciding whether there is a solution of length $T(\sigma,\delta) \le \tau$ is already NP-complete, the best result that we might expect to obtain (unless P=NP) is a solution with cost at most the optimal cost and makespan not greater than $\tau(1+\epsilon)$, $\epsilon > 0$.

The problems addressed in this paper are all generalizations of the job shop 
scheduling problem, and therefore, they are strongly NP-hard. Nowicki and 
Zdrzalka [9] show that the version of problem P3 for the less general flow shop 
problem with continuously controllable processing times is NP-hard even when 
there are only two machines. 

1.2 Our Contribution 

We present the first known polynomial time approximation schemes for problems P1, P2, and P3, when the number $m$ of machines and the number $\mu$ of operations per job are fixed. Our algorithms can handle both continuously and discretely controllable processing times, and they can be extended to the case of convex piecewise linear processing time and cost functions. These results improve the 4/3-approximation algorithm for problem P3 described in Nowicki [10]. Moreover, the linear time complexity of our PTAS for problem P3 is the best possible with respect to the number of jobs.

Our algorithms are based on a paradigm that has been successfully applied to 
solve other scheduling problems. First partition the set of jobs into “large”, and 
“small” jobs. The set of large jobs has a constant number of jobs in it. Compute 
all possible schedules for the large jobs and, for each one of them, schedule the 
remaining jobs inside the empty gaps that the large jobs leave by first using a linear program to assign jobs to gaps, and then computing a feasible schedule for the jobs assigned to each gap.

110   Klaus Jansen et al.

A major difficulty with using this approach for our problems is that the processing times and costs of the operations are not fixed, so we must determine their values before we can use the above approach. One possibility is to use a linear program to assign jobs to gaps and to determine the processing times and costs of the operations. But we must be careful, since, for example, a natural extension of the linear program described in [5] defines a polytope with an exponential number of extreme points, and it does not seem to be possible to solve such a linear program in polynomial time. We show how to construct a small polytope with only a polynomial number of extreme points that contains all the optimum solutions of the above linear program. This polytope is defined by a linear program that can be solved exactly in polynomial time and approximately, to within any pre-specified precision, in strongly polynomial time.

Our approach is robust enough that it can be used to design polynomial time approximation schemes for both the discrete and the continuous versions of problems P1-P3. Due to space limitations we focus our attention on the continuous case of P1 and the discrete case of P3. The remaining results will be given in the long version of this paper.

Throughout this paper we present a series of transformations that simplify any instance of the above problems. Some transformations may potentially increase the value of the objective function by a factor of $1 + O(\epsilon)$, $\epsilon > 0$, so we can perform a constant number of them while still staying within $1 + O(\epsilon)$ of the optimum. We say that this kind of transformation produces $1 + O(\epsilon)$ loss. A transformation that does not modify the value of the optimum solution is said to produce no loss.

The rest of the paper is organized in the following way. In Section 2 we present a polynomial time approximation scheme for problem P1 with continuous processing times. In Section 3 we study problem P3 with discrete processing times, and show how to design a linear time PTAS for it.

2 Minimizing the Makespan Subject to Budget 
Constraints: Continuous Processing Times 

In the case of continuously controllable processing times, we assume that for each operation $O_{ij}$ there is an interval $0 < \ell_{ij} \le u_{ij}$ specifying its possible processing times. The cost for processing operation $O_{ij}$ in time $\ell_{ij}$ is denoted as $c^{\ell}_{ij} \ge 0$ and for processing it in time $u_{ij}$ the cost is $c^{u}_{ij} \ge 0$. For any value $\delta_{ij} \in [0,1]$ the cost for processing operation $O_{ij}$ in time $p^{\delta}_{ij} = \delta_{ij}\ell_{ij} + (1-\delta_{ij})u_{ij}$ is $c^{\delta}_{ij} = \delta_{ij}c^{\ell}_{ij} + (1-\delta_{ij})c^{u}_{ij}$. We assume that $\ell_{ij}$, $u_{ij}$, $c^{\ell}_{ij}$, $c^{u}_{ij}$ and $\delta_{ij}$ are rational numbers. Moreover, without loss of generality, we assume that for every operation $O_{ij}$, $c^{u}_{ij} \le c^{\ell}_{ij}$, and if $c^{u}_{ij} = c^{\ell}_{ij}$ then $u_{ij} = \ell_{ij}$.

Let us consider an instance of problem P1. Divide all $c^{u}_{ij}$ and $c^{\ell}_{ij}$ values by $\kappa$ to get an equivalent instance in which the bound on the total cost of the solution is one, i.e. $C(\delta) \le 1$. If $c^{\ell}_{ij} > 1$ for some operation $O_{ij}$, we set $c^{\ell}_{ij} = 1$ and make $\ell_{ij} = \bigl(u_{ij}(c^{\ell}_{ij} - 1) - \ell_{ij}(c^{u}_{ij} - 1)\bigr)/(c^{\ell}_{ij} - c^{u}_{ij})$ (the shortest processing time whose cost under the affine cost function is exactly 1) to get an equivalent instance of the problem in which $c^{\ell}_{ij} \le 1$ for all operations $O_{ij}$.

2.1 A Simple m- Approximation Algorithm 

We begin by showing that it is possible to compute in linear time an $m$-approximate solution for problem P1. This allows us to compute upper and lower bounds for the minimum makespan that we use in the following sections.
Let $U = \sum_{j=1}^{n}\sum_{i=1}^{\mu} u_{ij}$; note that $U$ is a constant value. Consider an optimal solution $(\sigma^*,\delta^*)$ of problem P1 and let us use OPT to denote the optimum makespan. Let $P^* = \sum_{j=1}^{n}\sum_{i=1}^{\mu} p^{\delta^*}_{ij} = \sum_{j=1}^{n}\sum_{i=1}^{\mu}(\ell_{ij} - u_{ij})\delta^*_{ij} + U$ be the sum of the processing times of all jobs in this optimum solution. Define $c_{ij} = c^{\ell}_{ij} - c^{u}_{ij}$, so $C(\delta^*) = \sum_{j=1}^{n}\sum_{i=1}^{\mu} c_{ij}\delta^*_{ij} + \sum_{j=1}^{n}\sum_{i=1}^{\mu} c^{u}_{ij} \le 1$. Let $x$ be an optimal solution for the following linear program and $P(x)$ the corresponding value.

$$\min\ P = \sum_{j=1}^{n}\sum_{i=1}^{\mu} (\ell_{ij} - u_{ij})\,x_{ij} + U$$
$$\text{s.t.}\quad \sum_{j=1}^{n}\sum_{i=1}^{\mu} c_{ij}\,x_{ij} \le 1 - \sum_{j=1}^{n}\sum_{i=1}^{\mu} c^{u}_{ij},$$
$$0 \le x_{ij} \le 1, \quad j = 1,\dots,n \text{ and } i = 1,\dots,\mu.$$

Observe that $P(x) \le P^*$ (since $\delta^*$ is feasible for the linear program) and $C(x) \le 1$. Note that this linear program is equivalent to the knapsack problem when the integrality constraints have been relaxed, and thus it can be solved in $O(n)$ time [6]. If we schedule all the jobs one after another with processing times as defined by $x$, we obtain a feasible schedule for the jobs with makespan at most $P(x)$. Since $\mathrm{OPT} \ge P^*/m$ (this is the makespan of a schedule which leaves no idle time on the machines), the obtained schedule has cost at most 1 and makespan $P(x) \le m \cdot \mathrm{OPT}$. Therefore, $\mathrm{OPT} \in [P(x)/m, P(x)]$, and by dividing all $\ell_{ij}$ and $u_{ij}$ values by $P(x)$, we get the following bounds for the optimum makespan:

$$1/m \le \mathrm{OPT} \le 1. \qquad (1)$$
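The following Python is an added worked example, not code from the paper: it carries out the normalisation of Section 2 (costs divided by $\kappa$, and $c^{\ell}_{ij}$ clipped to 1 by shortening $\ell_{ij}$ with the affine formula) and the $m$-approximation of Section 2.1, solving the relaxed-knapsack linear program greedily, scheduling the jobs back to back, and returning the bounds $P(x)/m \le \mathrm{OPT} \le P(x)$ before rescaling all times by $P(x)$. The six-operation instance, the class `Op` and all function names are ours; the paper's $O(n)$ median-selection knapsack algorithm is replaced by a sort, which does not change the solution.

```python
"""Added worked example (not code from the paper): instance normalisation
of Section 2 and the linear-time m-approximation of Section 2.1 for
problem P1 with continuously controllable processing times.  The
instance returned by example_instance() is constructed for illustration."""
from dataclasses import dataclass
from fractions import Fraction as Fr


@dataclass
class Op:
    """Operation O_ij: job j, machine m_ij, affine time/cost trade-off."""
    job: int
    machine: int
    ell: Fr     # shortest processing time l_ij
    u: Fr       # longest processing time u_ij (l_ij <= u_ij)
    c_ell: Fr   # cost when processed in time l_ij
    c_u: Fr     # cost when processed in time u_ij (c_u <= c_ell)

    def time(self, delta):   # p_ij^delta
        return delta * self.ell + (1 - delta) * self.u

    def cost(self, delta):   # c_ij^delta
        return delta * self.c_ell + (1 - delta) * self.c_u


def normalise(ops, kappa):
    """Divide costs by the budget kappa (so C(delta) <= 1) and, where the
    shortest time became unaffordable (c_ell > 1), shorten the interval so
    that the new l_ij costs exactly 1: an equivalent instance (Section 2)."""
    out = []
    for o in ops:
        c_ell, c_u, ell = o.c_ell / kappa, o.c_u / kappa, o.ell
        assert c_u <= 1, "even the slowest choice of an operation exceeds the budget"
        if c_ell > 1:
            ell = (o.u * (c_ell - 1) - o.ell * (c_u - 1)) / (c_ell - c_u)
            c_ell = Fr(1)
        out.append(Op(o.job, o.machine, ell, o.u, c_ell, c_u))
    return out


def fractional_knapsack(ops):
    """The LP of Section 2.1: minimise sum (l_ij - u_ij) x_ij + U subject to
    sum (c^l_ij - c^u_ij) x_ij <= 1 - sum c^u_ij and 0 <= x_ij <= 1.
    A relaxed knapsack, so 'most time saved per unit of cost first' is
    optimal and at most one variable ends up fractional."""
    budget = 1 - sum(o.c_u for o in ops)
    assert budget >= 0, "instance infeasible even with every u_ij"
    x = [Fr(0)] * len(ops)
    controllable = [i for i, o in enumerate(ops) if o.c_ell > o.c_u]
    controllable.sort(key=lambda i: (ops[i].u - ops[i].ell) / (ops[i].c_ell - ops[i].c_u),
                      reverse=True)            # stable: ties keep index order
    for i in controllable:
        dc = ops[i].c_ell - ops[i].c_u
        if dc <= budget:
            x[i], budget = Fr(1), budget - dc
        else:
            x[i] = budget / dc                 # the single fractional variable
            break
    return x


def m_approximation(ops, m):
    """Schedule the jobs one after another with the knapsack times.  The
    makespan P(x) satisfies P(x)/m <= OPT <= P(x)."""
    x = fractional_knapsack(ops)
    total_time = sum(o.time(x[i]) for i, o in enumerate(ops))
    total_cost = sum(o.cost(x[i]) for i, o in enumerate(ops))
    schedule, clock = [], Fr(0)
    for job in sorted({o.job for o in ops}):
        for i, o in enumerate(ops):
            if o.job == job:                   # operations of a job in order
                schedule.append((job, o.machine, clock, clock + o.time(x[i])))
                clock += o.time(x[i])
    return {"x": x, "P": total_time, "cost": total_cost,
            "lower": total_time / m, "upper": total_time, "schedule": schedule}


def rescale(ops, P):
    """Divide every l_ij and u_ij by P(x), giving Inequality (1): 1/m <= OPT <= 1."""
    return [Op(o.job, o.machine, o.ell / P, o.u / P, o.c_ell, o.c_u) for o in ops]


def example_instance():
    """Constructed instance: m = 2 machines, 3 jobs with 2 operations each."""
    F = Fr
    return [Op(0, 0, F(1), F(3), F(4), F(0)), Op(0, 1, F(2), F(2), F(1), F(1)),
            Op(1, 1, F(1), F(2), F(2), F(1)), Op(1, 0, F(1), F(4), F(3), F(0)),
            Op(2, 0, F(2), F(2), F(0), F(0)), Op(2, 1, F(1), F(3), F(6), F(1))]


if __name__ == "__main__":
    inst = normalise(example_instance(), kappa=4)
    res = m_approximation(inst, m=2)
    print("P(x) =", res["P"], "cost =", res["cost"],
          "OPT in [", res["lower"], ",", res["upper"], "]")
```

With budget $\kappa = 4$ the last operation's $c^{\ell}$ becomes $6/4 > 1$, so its $\ell$ is lifted to $9/5$; the knapsack then buys the full speed-up of one operation, the sequential schedule has length 15 and cost exactly 1, and the bounds are $\mathrm{OPT} \in [15/2, 15]$.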



2.2 Large, Medium, and Small Jobs

We partition the set of jobs into three groups in the following way. Let $P^*_j = \sum_{i=1}^{\mu} p^{\delta^*}_{ij}$ be the sum of the processing times of the operations of job $J_j$ according to an optimum solution $(\sigma^*,\delta^*)$. Let $k$ and $q$ be two constants, to be defined later, that depend on $m$, $\mu$ and $\epsilon$. We define the set $\mathcal{L}$ of large jobs consisting of the $k$ longest jobs according to $\delta^*$. The next $(q\mu m^2/\epsilon - 1)k$ longest jobs define the set $\mathcal{M}$ of medium jobs. The remaining jobs form the set $\mathcal{S}$ of small jobs. Even when we do not know an optimum solution $(\sigma^*,\delta^*)$ for the problem, we show in Section 2.4 how to select the sets of large and medium jobs in polynomial time. Hence, we assume that we know sets $\mathcal{L}$, $\mathcal{M}$ and $\mathcal{S}$. An operation that belongs to a large, medium, or small job is called a large, medium, or small operation, respectively, regardless of its processing time.

In the following we simplify the input by creating a well-structured set of possible processing times. We begin by showing that it is possible to bound from above the possible processing times of small operations by $\epsilon/(qk\mu m)$.

Lemma 1. With no loss, for each small operation $O_{ij}$ we can set $u_{ij} \leftarrow \bar u_{ij}$ and $c^{u}_{ij} \leftarrow \frac{c^{\ell}_{ij} - c^{u}_{ij}}{u_{ij} - \ell_{ij}}\,(u_{ij} - \bar u_{ij}) + c^{u}_{ij}$, where $\bar u_{ij} = \min\{u_{ij}, \epsilon/(qk\mu m)\}$.

Proof. By Inequality (1), the optimal makespan is at most 1, and therefore the sum of all processing times cannot be larger than $m$. Let $p$ be the length of the longest small job according to $\delta^*$. By definition of $\mathcal{L}$ and $\mathcal{M}$, $|\mathcal{M}\cup\mathcal{L}| \cdot p \le \sum_{J_j \in \mathcal{M}\cup\mathcal{L}} P^*_j \le m$, so $p \le m/|\mathcal{M}\cup\mathcal{L}| = \epsilon/(qk\mu m)$. Therefore, the length of the schedule is not increased if the largest processing time $u_{ij}$ of any small operation $O_{ij}$ is set to be $\bar u_{ij} = \min\{u_{ij}, \epsilon/(qk\mu m)\}$. It is easy to check that, in order to get an equivalent instance, it is necessary to set $c^{u}_{ij} \leftarrow \frac{c^{\ell}_{ij} - c^{u}_{ij}}{u_{ij} - \ell_{ij}}\,(u_{ij} - \bar u_{ij}) + c^{u}_{ij}$ (this is the cost to process operation $O_{ij}$ in time $\bar u_{ij}$). □

In order to compute a $1+O(\epsilon)$-approximate solution for P1 we show that it is sufficient to take into consideration only a constant number of different processing times and costs for medium jobs.

Lemma 2. There exists a $(1+2\epsilon)$-optimal schedule where each medium operation has processing time equal to $\frac{\epsilon}{m|\mathcal{M}|\mu}(1+\epsilon)^i$, $i \in \mathbb{N}$.

Proof. Let us use $(\sigma^*,\delta^*)$ to denote an optimal solution. Let $A$ be the set of medium operations for which $p^{\delta^*}_{ij} < \frac{\epsilon}{m|\mathcal{M}|\mu}$. Since $c^{u}_{ij} \le c^{\ell}_{ij}$, we observe that by increasing the processing time of any operation the corresponding cost cannot increase. Therefore, if we increase the processing times of the operations in $A$ up to $\frac{\epsilon}{m|\mathcal{M}|\mu}$, the makespan may potentially increase by at most $|\mathcal{M}|\mu \cdot \frac{\epsilon}{m|\mathcal{M}|\mu} = \epsilon/m$; by Inequality (1) the schedule length may be increased by a factor of $1+\epsilon$. Now, consider the remaining medium operations and round every processing time $p^{\delta^*}_{ij}$ up to the nearest value of $\frac{\epsilon}{m|\mathcal{M}|\mu}(1+\epsilon)^i$, for some $i \in \mathbb{N}$. Since each processing time is increased by a factor of at most $1+\epsilon$, the value of an optimum solution potentially increases by the same factor $1+\epsilon$. □

Recall that by Inequality (1), no processing time can be greater than 1. Then, by the previous lemma, the number of different processing times for medium operations can be bounded by $O(\log(m|\mathcal{M}|\mu)/\epsilon)$ (clearly, the same bound applies to the number of different costs, since processing times and costs are closely related). Since there is a constant number of medium operations, there is also a constant number of choices for the values of their processing times and costs. We consider all these choices (thus, we also consider the case where the processing times $p_{ij}$ and costs $c_{ij}$ for the medium operations are chosen as in the $(1+2\epsilon)$-optimal schedule of the previous lemma). In the following we show that when the medium operations are processed according to these $(p_{ij}, c_{ij})$-values, it is possible to compute a $1+O(\epsilon)$-approximate solution for P1 in polynomial time. Clearly, a $1+O(\epsilon)$-approximate algorithm is obtained by considering all possible choices of processing times for the medium operations, and by returning the solution that is of minimum length. From now on, we assume, without loss of generality, that we know these $(p_{ij}, c_{ij})$-values for medium operations. In order to simplify the following discussion, for each medium operation $O_{ij}$ we set $\ell_{ij} = u_{ij} = p_{ij}$ and $c^{\ell}_{ij} = c^{u}_{ij} = c_{ij}$ (these settings fix the processing time and cost of $O_{ij}$ to be $p_{ij}$ and $c_{ij}$, respectively).
2.3 Computing Processing Times and Assigning Operations to Snapshots

A relative schedule for the large operations is an ordering of the starting and ending times of the operations. A feasible schedule $S$ for the large operations respects a relative schedule $R$ if the starting and ending times of the operations as defined by $S$ are ordered as indicated in $R$ (breaking ties in an appropriate way).

Fix a relative schedule $R$ for the large operations. The starting and finishing times of the operations define a set of intervals that we call snapshots. Let $M(1), M(2), \dots, M(g)$ be the snapshots defined by $R$. Snapshots $M(1)$ and $M(g)$ are empty. The number of snapshots $g$ can be bounded by $g \le 2k\mu + 1$.

Lemma 3. The number of different relative schedules for the large jobs is at most $(2ek)^{2\mu k}$.

Proof. The number of possible starting times for the operations of a large job $J_j$ is at most the number of subsets of size $\mu$ that can be chosen from a set of $2k\mu - 1$ positions (there are $2k\mu - 1$ choices for the starting snapshot of each operation of $J_j$). Since each large operation can end in the same snapshot in which it starts, the number of ways of choosing the starting and ending times of the operations of a large job is at most the number of subsets of size $2\mu$ that can be chosen from a set of $2(2k\mu - 1)$ positions (we consider two positions associated to each snapshot, one to start and one to end an operation, but both positions denote the same snapshot). For each large job $J_j$ there are at most $\binom{2(2k\mu-1)}{2\mu}$ different choices of snapshots where operations of $J_j$ can start and end. Since $\binom{2(2k\mu-1)}{2\mu} \le \left(\frac{e(4k\mu-2)}{2\mu}\right)^{2\mu} \le (2ek)^{2\mu}$ and the number of large jobs is $k$, there are at most $(2ek)^{2\mu k}$ different relative schedules. □
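As an added worked example (not code from the paper), the Python below counts relative schedules by brute force for tiny $k$ and $\mu$ and compares the exact count with the two bounds used in the proof of Lemma 3. It models a relative schedule as a weak ordering (an ordered set partition) of the $2k\mu$ start/end events, with the chain $\text{start}_1 < \text{end}_1 \le \text{start}_2 < \dots < \text{end}_\mu$ inside every job; that modelling, and the decision to ignore machine conflicts exactly as the proof's over-count does, are our assumptions. All function names are ours.

```python
"""Added worked example (not code from the paper): exact number of
relative schedules of Lemma 3 for small k, mu, next to the proof's
per-job binomial bound and the closed form (2ek)^(2 mu k)."""
from itertools import combinations
from math import comb, e


def count_relative_schedules(k, mu):
    """Weak orderings of the start/end events of k jobs with mu operations
    each such that, within every job,
        start_1 < end_1 <= start_2 < end_2 <= ... <= start_mu < end_mu
    (an operation takes positive time; the next operation may start at the
    instant the previous one ends).  Events of different jobs are free,
    so machine conflicts are ignored, as in the proof's over-count."""
    events = frozenset((j, i, kind) for j in range(k) for i in range(mu)
                       for kind in ("s", "e"))
    strict = {ev: set() for ev in events}    # must come strictly earlier
    weak = {ev: set() for ev in events}      # must come earlier or tie
    for j in range(k):
        for i in range(mu):
            strict[(j, i, "e")].add((j, i, "s"))
            if i > 0:
                weak[(j, i, "s")].add((j, i - 1, "e"))

    def extend(done, remaining):
        """Choose the next level (a non-empty set of simultaneous events)."""
        if not remaining:
            return 1
        ready = [ev for ev in sorted(remaining) if strict[ev] <= done]
        total = 0
        for r in range(1, len(ready) + 1):
            for level in combinations(ready, r):
                level = set(level)
                if all(weak[ev] <= done | level for ev in level):
                    total += extend(done | level, remaining - level)
        return total

    return extend(frozenset(), events)


def per_job_bound(k, mu):
    """binom(2(2k mu - 1), 2 mu)^k, the count used inside the proof."""
    return comb(2 * (2 * k * mu - 1), 2 * mu) ** k


def lemma3_bound(k, mu):
    """(2ek)^(2 mu k), the closed form stated by Lemma 3."""
    return (2 * e * k) ** (2 * mu * k)


def check(k, mu):
    """Return (exact count, per-job bound, Lemma 3 bound); they are
    non-decreasing in that order."""
    return count_relative_schedules(k, mu), per_job_bound(k, mu), lemma3_bound(k, mu)


if __name__ == "__main__":
    for k, mu in [(1, 1), (1, 2), (2, 1), (2, 2)]:
        print(k, mu, check(k, mu))
```

For two single-operation jobs ($k = 2$, $\mu = 1$) there are 13 weak orderings of the four events, against a per-job bound of $\binom{6}{2}^2 = 225$ and $(4e)^4 \approx 1.4\cdot10^4$; the gap shows how generous the constant of Lemma 3 is, which is harmless since only its being a constant matters.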

By the previous lemma the number of different relative schedules is bounded 
by a constant. Our algorithm considers all relative schedules for the large jobs. 
Therefore, one of them must be equal to the relative schedule R* defined by 
some optimum solution. In the following we will show that when R* is taken into 
consideration we are able to provide in polynomial time a 1 + 0(e)-approximate 
solution. 

Given a relative schedule $R^*$ as described above, to obtain a solution for problem P1 that respects $R^*$ we must select the processing times for the operations and schedule the medium and small operations within the snapshots defined by $R^*$. We use a linear program to compute the processing times and to decide the snapshots where the small and medium operations must be placed. Then we find a feasible schedule for the operations in every snapshot.

To design the linear program, we create a variable $x^{\ell}_{ij}$ for each large operation $O_{ij}$; this variable defines the processing time and cost of operation $O_{ij}$. For convenience we define another variable $x^{u}_{ij}$ with value $1 - x^{\ell}_{ij}$. The processing time of operation $O_{ij}$ is then $x^{\ell}_{ij}\ell_{ij} + x^{u}_{ij}u_{ij}$, and its cost is $x^{\ell}_{ij}c^{\ell}_{ij} + x^{u}_{ij}c^{u}_{ij}$. Let $\alpha_{ij}$ be the snapshot where the large operation $O_{ij}$ starts processing in the relative schedule $R^*$ and let $\beta_{ij}$ be the snapshot where it finishes processing.

Let $\mathrm{Free}(R^*) = \{(t,h) \mid 1 \le t \le g,\ 1 \le h \le m, \text{ and no large operation is scheduled by } R^* \text{ in snapshot } M(t) \text{ on machine } h\}$ be the set of snapshots and machines not used by the large jobs in relative schedule $R^*$. We represent the processing times and costs for the medium and small operations as follows. For every job $J_j \in \mathcal{S}\cup\mathcal{M}$, let $\mathcal{A}_j$ be the set of tuples $\mathcal{A}_j = \{(s_1, s_2, \dots, s_\mu) \mid 1 \le s_1 \le s_2 \le \dots \le s_\mu \le g \text{ and } (s_i, m_{ij}) \in \mathrm{Free}(R^*) \text{ for all } i = 1,\dots,\mu\}$. Set $\mathcal{A}_j$ defines the set of $\mu$-tuples of snapshots where it is possible to put the operations of job $J_j$.

Let $\Delta = \{(\delta_1, \delta_2, \dots, \delta_\mu) \mid \delta_k \in \{0,1\} \text{ for all } k = 1,\dots,\mu\}$. For each job $J_j \in \mathcal{S}\cup\mathcal{M}$ we define a set of at most $(2g)^\mu$ variables $x_{j,(s,\delta)}$, where $s \in \mathcal{A}_j$ and $\delta \in \Delta$. To explain the meaning of these variables, let us define
$$x_{ij}(w,1) = \sum_{(s,\delta)\in\mathcal{A}_j\times\Delta \;\mid\; s_i = w,\ \delta_i = 1} x_{j,(s,\delta)} \qquad\text{and}\qquad x_{ij}(w,0) = \sum_{(s,\delta)\in\mathcal{A}_j\times\Delta \;\mid\; s_i = w,\ \delta_i = 0} x_{j,(s,\delta)},$$
for each operation $i$, job $J_j$, and snapshot $w$. Given a set of values for the variables $x_{j,(s,\delta)}$, they define the processing times and an assignment of medium and small operations to snapshots in which the amount of time that operation $O_{ij}$ is processed within snapshot $M(w)$ is $x_{ij}(w,1)\cdot\ell_{ij} + x_{ij}(w,0)\cdot u_{ij}$, and the fraction of $O_{ij}$ that is assigned to this snapshot is $x_{ij}(w,0) + x_{ij}(w,1)$.

For each snapshot $M(t)$ we use a variable $t_t$ to denote its length. For any $(t,h) \in \mathrm{Free}(R^*)$, we define the load $L_{t,h}$ on machine $h$ in snapshot $M(t)$ as the total processing time of the operations from small and medium jobs that get assigned to $h$ during $M(t)$, i.e.,
$$L_{t,h} = \sum_{J_j \in \mathcal{S}\cup\mathcal{M}}\ \sum_{(s,\delta)\in\mathcal{A}_j\times\Delta}\ \sum_{\substack{i = 1,\dots,\mu \\ s_i = t,\ m_{ij} = h}} x_{j,(s,\delta)}\bigl(\delta_i\ell_{ij} + (1-\delta_i)u_{ij}\bigr).$$

Let the cost be
$$C = \sum_{J_j\in\mathcal{L}}\sum_{i=1}^{\mu}\bigl(x^{\ell}_{ij}c^{\ell}_{ij} + x^{u}_{ij}c^{u}_{ij}\bigr) + \sum_{J_j \in \mathcal{S}\cup\mathcal{M}}\ \sum_{(s,\delta)\in\mathcal{A}_j\times\Delta}\ \sum_{i=1}^{\mu} x_{j,(s,\delta)}\bigl(\delta_i c^{\ell}_{ij} + (1-\delta_i)c^{u}_{ij}\bigr).$$

We use the following linear program $LP(R^*)$ to determine processing times and to allocate operations to snapshots.
$$\begin{array}{llr}
\min & T = \sum_{t=1}^{g} t_t & \\[2pt]
\text{s.t.} & C \le 1, & (1)\\[2pt]
& \sum_{t=\alpha_{ij}}^{\beta_{ij}} t_t = x^{\ell}_{ij}\ell_{ij} + x^{u}_{ij}u_{ij}, \quad J_j \in \mathcal{L},\ i = 1,\dots,\mu, & (2)\\[2pt]
& x^{\ell}_{ij} + x^{u}_{ij} = 1, \quad J_j \in \mathcal{L},\ i = 1,\dots,\mu, & (3)\\[2pt]
& \sum_{(s,\delta)\in\mathcal{A}_j\times\Delta} x_{j,(s,\delta)} = 1, \quad J_j \in \mathcal{S}\cup\mathcal{M}, & (4)\\[2pt]
& L_{t,h} \le t_t, \quad (t,h)\in\mathrm{Free}(R^*), & (5)\\[2pt]
& x^{\ell}_{ij},\ x^{u}_{ij} \ge 0, \quad J_j\in\mathcal{L},\ i=1,\dots,\mu, & (6)\\[2pt]
& x_{j,(s,\delta)} \ge 0, \quad J_j\in\mathcal{S}\cup\mathcal{M},\ (s,\delta)\in\mathcal{A}_j\times\Delta, & (7)\\[2pt]
& t_t \ge 0, \quad t = 1,\dots,g. & (8)
\end{array}$$



In this linear program the value of the objective function $T$ is the length of the schedule, which we want to minimize. Constraint (1) ensures that the total cost of the solution is at most one. Condition (2) requires that the total length of the snapshots where a large operation is scheduled is exactly equal to the length of the operation. Constraint (4) assures that every small and medium operation is completely assigned to snapshots, while constraint (5) checks that the total load of a machine $h$ during some snapshot $t$ does not exceed the length of the snapshot.

Let $(\sigma^*,\delta^*)$ denote an optimal schedule when the processing times and costs of medium jobs are fixed as described in the previous section.

Lemma 4. The optimal solution of $LP(R^*)$ has value no larger than the makespan of $(\sigma^*,\delta^*)$.

Proof. We only need to show that for any job $J_j \in \mathcal{S}\cup\mathcal{M}$ there is a feasible solution of $LP(R^*)$ that schedules all operations $O_{ij}$ in the same snapshots and with the same processing times and costs as the optimum schedule $(\sigma^*,\delta^*)$.

For any operation $O_{ij}$, let $p^{\delta^*}_{ij}(w)$ be the amount of time that $O_{ij}$ is assigned to snapshot $M(w)$ by the optimum schedule $(\sigma^*,\delta^*)$. Let $x^*_{ij}(w,1) = \delta^*_{ij}\,p^{\delta^*}_{ij}(w)/p^{\delta^*}_{ij}$ and $x^*_{ij}(w,0) = (1-\delta^*_{ij})\,p^{\delta^*}_{ij}(w)/p^{\delta^*}_{ij}$. The processing time $p^{\delta^*}_{ij}(w)$ and cost $c^{\delta^*}_{ij}(w)$ of $O_{ij}$ in snapshot $M(w)$ can be written as $x^*_{ij}(w,1)\cdot\ell_{ij} + x^*_{ij}(w,0)\cdot u_{ij}$ and $x^*_{ij}(w,1)\cdot c^{\ell}_{ij} + x^*_{ij}(w,0)\cdot c^{u}_{ij}$, respectively.

Now we show that there is a feasible solution of $LP(R^*)$ such that
(i) $x^*_{ij}(w,1) = \sum_{(s,\delta)\in\mathcal{A}_j\times\Delta \;\mid\; s_i = w,\ \delta_i = 1} x_{j,(s,\delta)}$ and
(ii) $x^*_{ij}(w,0) = \sum_{(s,\delta)\in\mathcal{A}_j\times\Delta \;\mid\; s_i = w,\ \delta_i = 0} x_{j,(s,\delta)}$.
Therefore, for this solution $p^{\delta^*}_{ij}(w)$ and $c^{\delta^*}_{ij}(w)$ are linear combinations of the variables $x_{j,(s,\delta)}$. We assign values to the variables $x_{j,(s,\delta)}$ as follows.



1. For each job $J_j \in \mathcal{S}\cup\mathcal{M}$ do
2. Compute $S_j = \{(i,t,d) \mid x^*_{ij}(t,d) > 0,\ i = 1,\dots,\mu,\ t = 1,\dots,g,\ d = 0,1\}$.
3. If $S_j = \emptyset$ then stop (job $J_j$ is done; continue with the next job).
4. Let $f = \min\{x^*_{ij}(t,d) \mid (i,t,d) \in S_j\}$ and let $i'$, $t'$ and $d'$ be such that $x^*_{i'j}(t',d') = f$.
5. Let $s = (s_1, s_2, \dots, s_\mu) \in \mathcal{A}_j$ and $\delta = (d_1, d_2, \dots, d_\mu) \in \Delta$ be such that $s_{i'} = t'$, $d_{i'} = d'$ and $x^*_{ij}(s_i, d_i) > 0$ for all $i = 1,\dots,\mu$.
6. $x_{j,(s,\delta)} \leftarrow f$.
7. $x^*_{ij}(s_i, d_i) \leftarrow x^*_{ij}(s_i, d_i) - f$ for all $i = 1, 2, \dots, \mu$.
8. Go back to step 2.

Each pass through steps 4-7 drives at least one positive entry $x^*_{i'j}(t',d')$ to zero, so the loop ends after at most $2g\mu$ passes per job. With this assignment of values to the variables $x_{j,(s,\delta)}$, equations (i) and (ii) hold for all jobs $J_j \in \mathcal{S}\cup\mathcal{M}$, all operations $i$, and all snapshots $w$. Therefore, this solution of $LP(R^*)$ schedules the jobs in the same positions and with the same processing times as the optimum schedule. □

2.4 Finding a Feasible Schedule 

Linear program $LP(R^*)$ has at most $1 + 2\mu k + n - k + mg - gk$ constraints. By condition (3) every large operation $O_{ij}$ must have at least one of its variables $x^{\ell}_{ij}$ or $x^{u}_{ij}$ set to a non-zero value. By condition (4) every small and medium job $J_j$ must have at least one of its variables $x_{j,(s,\delta)}$ set to a positive value. Furthermore, there is at least one snapshot $t$ for which $t_t > 0$. Since in any basic feasible solution of $LP(R^*)$ the number of variables that receive positive values is at most equal to the number of rows of the constraint matrix, in a basic feasible solution there are at most $mg$ variables with fractional values. This means that in the schedule defined by a basic feasible solution of $LP(R^*)$ at most $mg$ medium and small jobs receive fractional assignments, and therefore there are at most that many jobs from $\mathcal{M}\cup\mathcal{S}$ for which at least one operation is assigned to at least two different snapshots. Let $\mathcal{F}$ be the set of jobs that received fractional assignments. For the time being let us forget about those jobs. We show later how to schedule them.

Note that this schedule is still not feasible because there might be ordering conflicts among the small or medium operations assigned to a snapshot. To eliminate these conflicts, we first remove the set $\mathcal{V}$ of jobs from $\mathcal{M}\cup\mathcal{S}$ which have at least one operation with processing time larger than $\epsilon/(\mu^3 m^2 g)$ according to the solution of the linear program. Since the sum of the processing times computed by the linear program is at most $m$, $|\mathcal{V}| \le \mu^3 m^3 g/\epsilon$, so we remove only a constant number of jobs.

Let $O(t)$ be the set of operations from $\mathcal{M}\cup\mathcal{S}$ that remain in snapshot $M(t)$. Let $p_{\max}(t)$ be the maximum processing time among the operations in $O(t)$. Every snapshot $M(t)$ defines an instance of the classical job shop problem, since the solution of $LP(R^*)$ determined the processing time of every operation. Hence, we can use Sevastianov's algorithm [11] to find in $O(n^2\mu^2 m^2)$ time a feasible schedule for the operations in $O(t)$; this schedule has length at most $t'_t = t_t + \mu^3 m\, p_{\max}(t)$. We must increase the length of every snapshot $M(t)$ to $t'_t$ to accommodate the schedule produced by Sevastianov's algorithm. Summing up all these snapshot enlargements (at most $g \cdot \mu^3 m \cdot \epsilon/(\mu^3 m^2 g)$ in total), we get a solution of length at most the value of the solution of $LP(R^*)$ plus $\epsilon/m$.
It remains to show how to schedule the jobs $\mathcal{V}\cup\mathcal{F}$. First we choose the value for parameter $q$:
$$q = 6\mu^4 m^4/\epsilon. \qquad (2)$$
Then the number of jobs in $\mathcal{V}\cup\mathcal{F}$ is
$$|\mathcal{V}\cup\mathcal{F}| \le \mu^3 m^3 g/\epsilon + mg \le qk. \qquad (3)$$

Lemma 5. Consider solution $(\sigma^*,\delta^*)$. Let $P^*_j = \sum_{i=1}^{\mu} p^{\delta^*}_{ij}$ denote the length of job $J_j$ according to $\delta^*$. There exists a positive constant $k$ such that if the set of large jobs contains the $k$ jobs $J_j$ with the largest $P^*_j$ value, then $\sum_{J_j\in\mathcal{V}\cup\mathcal{F}} P^*_j \le \epsilon/m$.

Proof. Let us sort the jobs $J_j$ non-increasingly by $P^*_j$ values, and assume for convenience that $P^*_1 \ge P^*_2 \ge \dots \ge P^*_n$. Partition the jobs into groups $G_1, G_2, \dots, G_d$ as follows: $G_i = \{J_{(1+q)^{i-1}+1}, \dots, J_{(1+q)^i}\}$, and let $P(G_i) = \sum_{J_j\in G_i} P^*_j$. Let $G_{p+1}$ be the first group for which $P(G_{p+1}) < \epsilon/m$. Since $\sum_{j} P^*_j \le m$ and $\sum_{i=1}^{p} P(G_i) \ge p\epsilon/m$, we get $p \le m^2/\epsilon$. We choose $\mathcal{L}$ to be the first $k = (1+q)^p$ jobs, i.e. $J_1$ together with all jobs in groups $G_1$ to $G_p$. Since $|\mathcal{V}\cup\mathcal{F}| \le qk$, with this choice of $\mathcal{L}$ we have $|G_{p+1}| = (1+q)^{p+1} - (1+q)^p = qk \ge |\mathcal{V}\cup\mathcal{F}|$; as no job of $\mathcal{V}\cup\mathcal{F}$ is large and $G_{p+1}$ consists of the $qk$ longest non-large jobs, $\sum_{J_j\in\mathcal{V}\cup\mathcal{F}} P^*_j \le P(G_{p+1}) < \epsilon/m$. □

We choose the set of large jobs by considering all subsets of $k$ jobs, for all integer values $1 \le k \le (1+q)^{m^2/\epsilon}$. For each choice of $k$ the set of medium jobs is obtained by considering all possible subsets of $(q\mu m^2/\epsilon - 1)k$ jobs. Since there is only a polynomial number of choices for large and medium jobs, we require only a polynomial number of attempts before detecting the sets of large and medium jobs as defined by an optimum solution.
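The grouping argument of Lemma 5, as an added worked example (not code from the paper): given the job lengths $P^*_j$ in non-increasing order, the function below builds the groups $G_i$, finds the first group whose total is below $\epsilon/m$, and returns $k = (1+q)^p$; a second function computes the worst-case total of $qk$ non-large jobs, the quantity the lemma bounds for $\mathcal{V}\cup\mathcal{F}$. The job lengths are constructed, and $q = 1$ is used only to keep the groups small (the $q$ of Equation (2) is far larger, which changes nothing in the logic); all function names are ours.

```python
"""Added worked example (not code from the paper): choosing the number k
of large jobs by the geometric grouping of Lemma 5."""
from fractions import Fraction as Fr


def choose_large_jobs(lengths, q, eps, m):
    """lengths: job lengths P*_j sorted non-increasingly, with sum <= m.
    Groups G_i = {J_{(1+q)^(i-1)+1}, ..., J_{(1+q)^i}} (1-based indices);
    p = number of leading groups with P(G_i) >= eps/m; k = (1+q)^p.
    Returns (k, p, P(G_{p+1}))."""
    assert all(a >= b for a, b in zip(lengths, lengths[1:])), "sort non-increasingly first"
    assert sum(lengths) <= m, "total length exceeds m, contradicting Inequality (1)"
    threshold = Fr(eps) / m
    p = 0
    while True:
        lo, hi = (1 + q) ** p + 1, (1 + q) ** (p + 1)   # 1-based bounds of G_{p+1}
        group_sum = sum(lengths[lo - 1:hi])             # empty once past n
        if group_sum < threshold:
            return (1 + q) ** p, p, group_sum
        p += 1


def worst_tail_sum(lengths, k, count):
    """Largest possible total length of `count` jobs chosen among the
    non-large jobs (indices >= k): an upper bound on the length of any
    set V ∪ F with |V ∪ F| <= count."""
    return sum(lengths[k:k + count])


def example_lengths():
    """Constructed: 19 job lengths, total 53/32 <= m = 2."""
    return ([Fr(1, 2), Fr(1, 4), Fr(1, 4)] + [Fr(1, 8)] * 4
            + [Fr(1, 64)] * 8 + [Fr(1, 128)] * 4)


def demo(q=1, eps=Fr(1, 2), m=2):
    """Run the construction on the constructed lengths and report k, p,
    P(G_{p+1}) and the worst total of q*k non-large jobs (must be < eps/m)."""
    lengths = example_lengths()
    k, p, tail = choose_large_jobs(lengths, q, eps, m)
    return {"k": k, "p": p, "tail": tail,
            "worst": worst_tail_sum(lengths, k, q * k),
            "p_bound": Fr(m * m) / eps}


if __name__ == "__main__":
    print(demo())
```

With $q = 1$ the groups have sizes $1, 2, 4, 8, \dots$; on the constructed lengths the first three groups each exceed $\epsilon/m = 1/4$, the fourth sums to $15/128$, so $p = 3$, $k = 8$, and any $qk = 8$ non-large jobs have total length at most $15/128 < 1/4$, as the lemma promises.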

The processing time of every small operation $O_{ij}$ in $\mathcal{V}\cup\mathcal{F}$ is chosen as $p_{ij} = u_{ij}$, and so its cost is $c_{ij} = c^{u}_{ij}$ (with $u_{ij}$ and $c^{u}_{ij}$ as modified by Lemma 1). Furthermore, recall that we are assuming that each medium operation $O_{ij}$ is processed in time $p_{ij}$ and at cost $c_{ij}$ (see Section 2.2). Let $P_j = \sum_{i=1}^{\mu} p_{ij}$. Then $\sum_{J_j\in\mathcal{V}\cup\mathcal{F}} P_j = \sum_{J_j\in\mathcal{M}\cap(\mathcal{V}\cup\mathcal{F})} P_j + \sum_{J_j\in\mathcal{S}\cap(\mathcal{V}\cup\mathcal{F})} P_j$. Note that by Lemma 1 and inequality (3), $\sum_{J_j\in\mathcal{S}\cap(\mathcal{V}\cup\mathcal{F})} P_j \le qk\mu \cdot \epsilon/(qk\mu m) = \epsilon/m$. By the arguments of Section 2.2, $p_{ij} \le \max\{p^{\delta^*}_{ij}(1+\epsilon),\ \epsilon/(m|\mathcal{M}|\mu)\}$ and, therefore, $\sum_{J_j\in\mathcal{M}\cap(\mathcal{V}\cup\mathcal{F})} P_j \le \sum_{J_j\in\mathcal{M}\cap(\mathcal{V}\cup\mathcal{F})} P^*_j(1+\epsilon) + \epsilon/m \le \epsilon(2+\epsilon)/m$, by Lemma 5. Therefore, we can schedule the jobs from $\mathcal{V}\cup\mathcal{F}$ one after the other at the end of the schedule, increasing its length by at most $(3+\epsilon)\epsilon/m \le (3+\epsilon)\epsilon\,\mathrm{OPT}$.

Theorem 1. For any fixed $m$ and $\mu$, there exists a polynomial-time approximation scheme for P1 that computes a feasible schedule with makespan at most $(1+\epsilon)$ times the optimal makespan and cost not greater than $\kappa$, for any fixed $\epsilon > 0$.
3 Problem P3 with Discrete Processing Times

In the case of discretely controllable processing times, the possible processing times and costs of an operation $O_{ij}$ are specified by a set of values $\Delta_{ij} = \{\delta^{k}_{ij} \mid 0 \le \delta^{k}_{ij} \le 1,\ k = 1, 2, \dots, w(i,j)\}$. When the processing time for operation $O_{ij}$ is $p^{\delta_k}_{ij} = \delta_k\ell_{ij} + (1-\delta_k)u_{ij}$, the cost is equal to $c^{\delta_k}_{ij} = \delta_k c^{\ell}_{ij} + (1-\delta_k)c^{u}_{ij}$.

For each operation $O_{ij}$, let $d_{ij} = \min_{\delta_{ij}\in\Delta_{ij}}\{p^{\delta_{ij}}_{ij} + c^{\delta_{ij}}_{ij}\}$. For every job $J_j$ let $d_j = \sum_{i=1}^{\mu} d_{ij}$. We partition the set of jobs into large ($\mathcal{L}$) and small ($\mathcal{S}$) jobs, where the set $\mathcal{L}$ includes the $k$ jobs with the largest $d_j$ values, and $k$ is a constant computed as in Lemma 5 so that the set $\mathcal{F}$ containing the $qk$ jobs with the next largest $d_j$ values has $\sum_{J_j\in\mathcal{F}} d_j \le \epsilon/m$. The set of large jobs can be computed in $O(n\mu|\Delta_{\max}|)$ time, where $|\Delta_{\max}| = \max_{ij}|\Delta_{ij}|$.

By dividing all $c^{\delta}_{ij}$ values by parameter $\alpha$, we can assume without loss of generality that the objective function for problem P3 is: $\min T(\sigma,\delta) + C(\delta)$.

Let $p^*_{ij}$ and $c^*_{ij}$ be the processing time and cost of operation $O_{ij}$ in an optimal solution. Let $F^*$ be the value of an optimal solution for P3 and let $D = \sum_{j} d_j$. It is easy to see that $F^* \le D$ and $F^* \ge \frac{1}{m}\sum_{ij} p^*_{ij} + \sum_{ij} c^*_{ij} \ge D/m$. By dividing all execution times and costs by $D$, we may assume that $D = 1$ and
$$\frac{1}{m} \le F^* \le 1. \qquad (4)$$

The following lemma shows that with $1+2\epsilon$ loss we can reduce the number of different costs and processing times for each operation.

Lemma 6. With $1+2\epsilon$ loss, we may assume that $|\Delta_{ij}| = O(\log n)$ for every $O_{ij}$.

Proof. To prove this claim, divide the interval $[0,1]$ into $b$ subintervals as follows: $I_1 = [0, \frac{\epsilon}{nm\mu}]$, $I_2 = (\frac{\epsilon}{nm\mu}, \frac{\epsilon}{nm\mu}(1+\epsilon)]$, $I_3 = (\frac{\epsilon}{nm\mu}(1+\epsilon), \frac{\epsilon}{nm\mu}(1+\epsilon)^2]$, $\dots$, where $b$ is the largest integer such that $\frac{\epsilon}{nm\mu}(1+\epsilon)^{b-2} < 1$ (so the last interval $I_b$ reaches 1). Clearly $b = O(\log n)$. We say that $d$ is a choice for operation $O_{ij}$ if $d \in \Delta_{ij}$. For each operation $O_{ij}$, partition the set of choices $\Delta_{ij}$ into $b$ groups $g_1, g_2, \dots, g_b$, such that $d \in \Delta_{ij}$ belongs to group $g_h$ iff $c^{d}_{ij}$ falls in interval $I_h$, $h \in \{1,\dots,b\}$.

For each group take the choice (if any) with the lowest processing time and delete the others. The new set of choices has at most $O(\min\{|\Delta_{ij}|, \log n\})$ elements and, by using arguments similar to those used in the proof of Lemma 2 (raising the cost of all $n\mu$ operations that use a choice from $g_1$ to $\frac{\epsilon}{nm\mu}$ adds at most $\epsilon/m \le \epsilon F^*$ by Inequality (4), and in any other group the kept choice costs at most $1+\epsilon$ times a deleted one), we can prove that with this transformation the cost of an optimum solution can be up to $1+2\epsilon$ times the optimum value for the original problem. The transformed instance can be computed in $O(n\mu|\Delta_{\max}|)$ time. □

By using arguments similar to those used to prove Lemma 6 we can obtain, with $1+2\epsilon$ loss, a new instance with $O(\log k)$ different costs and processing times for each large operation. Since there is a constant number of large operations, there is only a constant number of possible assignments of costs and processing times for them.
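The geometric rounding shared by Lemma 2 (continuous case: round a medium operation's processing time up to the grid $\theta(1+\epsilon)^i$) and Lemma 6 (discrete case: group the choices of an operation by the interval of that grid its cost falls into and keep only the fastest choice per group), as an added worked example that is not code from the paper. The name `theta` is ours and stands for the small-value cutoff, $\epsilon/(m|\mathcal{M}|\mu)$ in Lemma 2 and $\epsilon/(nm\mu)$ in Lemma 6; the choice lists are constructed, and `loss_bounded` checks the per-choice guarantee that the proof of Lemma 6 relies on.

```python
"""Added worked example (not code from the paper): the geometric grid
behind Lemma 2 (round processing times up) and Lemma 6 (prune the
discrete choices of an operation to one per cost interval)."""
from fractions import Fraction as Fr


def grid_index(value, theta, eps):
    """Smallest i >= 0 with theta*(1+eps)^i >= value (0 if value <= theta).
    i is also the index h-1 of the interval I_h of Lemma 6 containing value."""
    i, point = 0, Fr(theta)
    while point < value:
        point *= (1 + eps)
        i += 1
    return i


def round_up_time(p, theta, eps):
    """Lemma 2: times below theta become theta, others go up to the next grid
    point; the result is >= p and <= max(theta, p*(1+eps))."""
    return Fr(theta) * (1 + eps) ** grid_index(p, theta, eps)


def prune_choices(choices, theta, eps):
    """Lemma 6: choices are (processing time, cost) pairs with cost in [0,1].
    Group by the cost interval I_h and keep the fastest choice of each group.
    Returns the kept choices sorted by cost."""
    best = {}
    for p, c in choices:
        h = grid_index(c, theta, eps)
        if h not in best or p < best[h][0]:
            best[h] = (p, c)
    return sorted(best.values(), key=lambda pc: pc[1])


def loss_bounded(choices, kept, theta, eps):
    """The guarantee used in the proof: every original choice (p, c) is
    dominated by a kept (p', c') with p' <= p and c' <= max(theta, c*(1+eps))."""
    return all(any(pk <= p and ck <= max(Fr(theta), c * (1 + eps)) for pk, ck in kept)
               for p, c in choices)


def number_of_groups(theta, eps):
    """b of Lemma 6: intervals needed to cover [0, 1], O(log(1/theta)/eps)."""
    return grid_index(Fr(1), theta, eps) + 1


def demo(theta=Fr(1, 100), eps=Fr(1, 2)):
    """Round one processing time and prune a constructed choice list."""
    choices = [(10, Fr(1, 200)), (9, Fr(1, 125)), (7, Fr(3, 250)), (6, Fr(7, 500)),
               (3, Fr(1, 50)), (1, Fr(1, 2))]
    kept = prune_choices(choices, theta, eps)
    return {"rounded": round_up_time(Fr(1, 50), theta, eps),
            "kept": kept,
            "loss_ok": loss_bounded(choices, kept, theta, eps),
            "groups": number_of_groups(theta, eps)}


if __name__ == "__main__":
    print(demo())
```

With $\theta = 1/100$ and $\epsilon = 1/2$ the time $1/50$ rounds up to $9/400 \le (1+\epsilon)/50$; of the six constructed choices, the two with cost at most $\theta$ collapse to the faster one, as do the two whose costs lie in $(\theta, \theta(1+\epsilon)]$, leaving four choices, each deleted choice being dominated within the stated loss.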
By trying all possible assignments of costs and processing times, we can find for each large operation $O_{ij}$ a processing time $p_{ij}$ and cost $c_{ij}$ such that $p_{ij} \le \max\{p^*_{ij}(1+\epsilon),\ \epsilon/(mk\mu)\}$ and $c_{ij} \le c^*_{ij}$. Let us use the same definition of relative schedule given for the continuous case. Let $R$ denote a relative schedule that respects the ordering of the large operations in some optimal schedule. For each small job $J_j$ we define a set of at most $O((g\log n)^\mu)$ variables $x_{j,(s,\delta)}$, where $s \in \mathcal{A}_j$ and $\delta \in \Delta_j = \{(\delta_{1j}, \delta_{2j}, \dots, \delta_{\mu j}) \mid \delta_{ij} \in \Delta_{ij} \text{ for all } i = 1,\dots,\mu\}$.

As in the continuous case we define a linear program $LP'(R)$ to compute the processing times and snapshots for the small jobs. $LP'(R)$ is obtained from $LP(R)$ by deleting constraints (1), (3), and (6), and considering the following changes. Variable $x_{j,(s,\delta)}$ takes value $0 \le f \le 1$ to indicate that a fraction $f$ of operation $O_{ij}$, $i = 1,\dots,\mu$, is scheduled in snapshot $s_i$ with processing time $p^{\delta_i}_{ij}$. Let $C$ be the cost function, i.e., $C = \sum_{J_j\in\mathcal{S}}\sum_{(s,\delta)\in\mathcal{A}_j\times\Delta_j}\sum_{i=1}^{\mu} x_{j,(s,\delta)}\,c^{\delta_i}_{ij} + \sum_{J_j\in\mathcal{L}}\sum_{i=1}^{\mu} c_{ij}$. The objective function is now to minimize $\sum_{t=1}^{g} t_t + C$. Constraint (2) is replaced with
$$\sum_{t=\alpha_{ij}}^{\beta_{ij}} t_t = p_{ij}, \quad \text{for all } J_j\in\mathcal{L},\ i = 1,\dots,\mu.$$

As in Lemma 4, we can prove that any optimum solution of problem P3 is a feasible solution for $LP'(R)$. The rest of the algorithm is as described in Section 2.4.

By using interior point methods to solve the linear program, we get a total running time for the above algorithm that is polynomial in the input size [1]. It is easy to check that similar results can be obtained if, instead of finding the optimum solution of the linear program, we solve it with a given accuracy $\epsilon > 0$. In the following section we show that we can solve the linear program approximately in $O(n|\Delta_{\max}|)$ time. Therefore, for every fixed $m$, $\mu$ and $\epsilon$, all computations (including Sevastianov's algorithm [11]) can be carried out in time $O(n|\Delta_{\max}| + n\cdot\min\{\log n, |\Delta_{\max}|\}\cdot f(\epsilon,\mu,m))$, where $f(\epsilon,\mu,m)$ is a function that depends only on $\epsilon$, $\mu$ and $m$. This running time is linear in the size of the input.

Theorem 2. For any fixed $m$ and $\mu$, there exists a linear time approximation scheme for P3 with discretely controllable processing times.



3.1 Approximate Solution of the Linear Program 



In this section we show how to find efficiently a solution for LP'{R) of value no 
more than 1 -|- 0(e) times the value of the optimum solution for problem P3. To 
find an approximate solution for the linear program we rewrite it as a convex 
block-angular resource-sharing problem, and then use the algorithm of [4] to 
solve it with a given accuracy. A convex block-angular resource sharing problem 
has the form: 

\lambda^* = \min\Big\{\lambda \ \Big|\ \sum_{j=1}^{k'} f_i^j(x^j) \le \lambda \ \text{for all } i = 1, \ldots, N, \ \text{and } x^j \in B^j,\ j = 1, \ldots, k'\Big\},

where f_i^j : B^j → R_+ are N non-negative continuous convex functions, and the B^j are
disjoint convex compact nonempty sets called blocks. The algorithm in [4] finds a
(1 + ρ)-approximate solution for this problem for any ρ > 0 in
O(N(ρ^{-2} ln ρ^{-1} + ln N)(N ln ln(N/ρ) + k'F)) time, where F is the time needed to
find a ρ-approximate solution to the problem min{p^T f^j(x^j) | x^j ∈ B^j}, for some
vector (p_1, ..., p_N) ∈ R_+^N.

We can write LP'(R) as a convex block-angular resource sharing problem
as follows. First we guess the value V of an optimum solution of problem P3,
and add the constraint Σ_{ℓ=1}^{g} t_ℓ + C + 1 − V ≤ λ to the linear program, where
λ is a non-negative value. Since 1/m ≤ V ≤ 1, we can use binary search on
the interval [1/m, 1] to guess V with a given accuracy ε > 0. This search can
be completed in O(log(ε^{-1} log m)) iterations by doing the binary search on the
values (1/m)(1 + ε), (1/m)(1 + ε)², ..., 1. We replace constraint (5) of LP'(R) by

(5')   L_{ℓ,h} + 1 − t_ℓ ≤ λ,   for all (ℓ, h) ∈ Free(R),

where

L_{\ell,h} = \sum_{J_j \in S} \ \sum_{(s,\delta) \in S_j \times \Delta} \ \sum_{\substack{q = 1 \\ s_q = \ell,\ m_{qj} = h}}^{\mu} x_j(s,\delta)\, p^{\delta}_{qj}.

This new linear program, which we denote LP(R, V, λ), has the above block-
angular structure. The blocks B^j = {x_j(s,δ) | (s,δ) ∈ S_j × Δ, constraints (4) and
(8) hold}, for J_j ∈ S, are (μ|Δ_max|)^-dimensional simplices. The block B^0 = {⟨ ⟩ |
constraints (2) and (9) hold} has constant dimension. Let f_{ℓ,h} =
L_{ℓ,h} + 1 − t_ℓ. Since t_ℓ ≤ V ≤ 1, these functions are non-negative.

For every small job J_j, let f_0^j(x^j) = Σ_{(s,δ) ∈ S_j × Δ} x_j(s,δ) Σ_{i=1}^{μ} c^{δ}_{ij}. For
every (ℓ, h) ∈ Free(R), let

f^j_{(\ell,h)}(x^j) = \sum_{(s,\delta) \in S_j \times \Delta} \ \sum_{\substack{q = 1 \\ s_q = \ell,\ m_{qj} = h}}^{\mu} x_j(s,\delta)\, p^{\delta}_{qj}.

For every x^0 ∈ B^0, let f_0^0(x^0) = Σ_{ℓ=1}^{g} t_ℓ + Σ ⋯ + 1 − V, and for every
(ℓ, h) ∈ Free(R), let f^0_{(ℓ,h)}(x^0) = 1 − t_ℓ. All these functions are nonnegative. Now
LP(R, V, λ) is to find the smallest value λ such that

\sum_{J_j \in S} f_0^j(x^j) + f_0^0(x^0) \le \lambda   for all x^j ∈ B^j,

\sum_{J_j \in S} f^j_{(\ell,h)}(x^j) + f^0_{(\ell,h)}(x^0) \le \lambda   for all (ℓ, h) ∈ Free(R) and x^j ∈ B^j.

Using the algorithm in [4], a (1 + ρ)-approximation, ρ > 0, for the problem can be
obtained by solving on each block B^j a constant number of block optimization
problems of the form min{p^T f^j(x) | x ∈ B^j}, where p is a (μ|Δ_max| + 1)-
dimensional positive price vector, and f^j is a (μ|Δ_max| + 1)-dimensional vector
whose components are the functions f^j_0 and f^j_{(ℓ,h)}.

Note that B^0 has constant dimension, and the corresponding block optimiza-
tion problem can be solved in constant time. But the blocks B^j for J_j ∈ S do
not have constant dimension. To solve the block optimization problem on B^j
we must find a snapshot in which to place each operation of J_j and determine its
processing time, so that the total cost plus processing time of all operations,
weighted by the price vector, is minimized. To choose the snapshots we select for each
operation the snapshot in which the corresponding component of the price vec-
tor is minimum. Then we select for each O_ij the value δ_ij that minimizes its
cost plus processing time. This can be done in O(|Δ_max|) time for each block, so
the algorithm of [4] finds a feasible solution for LP(R, V, 1 + ρ) in O(nw) time.
Linear program LP(R, V, 1 + ρ) increases the length of each snapshot by ρ, and
therefore the total length of the solution is V + gρ ≤ (1 + 2ε)V*, for ρ =
where V* is the optimal solution value.

There is a problem with this method: we cannot guarantee that the solution
found by the algorithm is basic feasible. Hence it might have a large number of
fractional assignments. In the following we show that the number of fractional
assignments is O(n). Since the number of fractional assignments is O(n), using
the rounding technique described in [5], we can obtain in linear time a new
feasible solution with only a constant number of fractional assignments.

The algorithm in [4] works by choosing a starting solution x_0 and then
repeating the following three steps at most O(mg log(mg)) times: (step 1)
use a deterministic or randomized procedure to compute a price vector p; (step
2) use a block solver to compute an optimal solution of each block problem;
(step 3) replace the current solution by a convex combination of the previous
solutions. By starting from a solution x_0 in which every vector x_0^j ∈ B^j is an
integer vector, for j ≠ 0, we get at the end at most O(n · mg log(mg)) fractional
assignments. To achieve the promised running time we additionally need that
λ(x_0) ≤ cλ* [4], where c is a constant and λ(x_0) is the value of λ corresponding
to x_0. This is accomplished as follows.

For convenience, let us rename the jobs so that J_1, ..., J_{n'} are the small jobs,
where n' = n − k. Choose, for every small operation O_ij, the processing time and
cost minimizing d_ij = p^{δ}_{ij} + c^{δ}_{ij}. Put the small jobs one after the other in
the last snapshot. Set t_g = Σ ⋯ . The large operations are sched-
uled as early as possible, according to the optimal relative schedule R. Set
each t_ℓ ∈ {t_1, t_2, ..., t_{g−1}} equal to the maximum load of snapshot ℓ according
to the described schedule. By inequality (4), we know that Σ ⋯ ≤ 1.

Furthermore, we have Σ_{ℓ=1}^{g} t_ℓ ≤ V, since by construction ⋯
cannot be greater than the optimal length and the costs of large opera-
tions are chosen according to the optimal solution. Hence Σ_{ℓ=1}^{g} t_ℓ + C ≤ 1 + V,
and Σ_{ℓ=1}^{g} t_ℓ + C + 1 − V ≤ 2, L_{ℓ,h} + 1 − t_ℓ ≤ 1; so λ(x_0) ≤ 2. Since λ* = 1, it
follows that λ(x_0) ≤ 2λ*.
Abstract. We show that, for any stochastic event p of period n, there
exists a measure-once one-way quantum finite automaton (1qfa) with at
most 2√(6n) + 25 states inducing the event ap + b, for constants a > 0,
b ≥ 0, satisfying a + b ≤ 1. This fact is proved by designing an algorithm
which constructs the desired 1qfa in polynomial time. As a consequence,
we get that any periodic language of period n can be accepted with iso-
lated cut point by a 1qfa with no more than 2√(6n) + 26 states. Our results
give added evidence of the strength of measure-once 1qfa's with respect
to classical automata.

Keywords: quantum finite automata; periodic events and languages 



1 Introduction 

One of the main investigations in the field of quantum computing certainly
deals with the study of the computational power of quantum devices with re-
spect to their classical counterparts. In this sense, the results obtained by, e.g.,
Shor [18,19] and Grover [7] give evidence that the quantum paradigm might
lead to faster algorithms. Nevertheless, it is reasonable to think that the first
implementations of quantum machines will not be fully quantum mechanical.
Instead, we can expect that they will consist of “expensive” quantum compo-
nents embedded in classical devices (see, e.g., [3]). This motivates the study of
the computational power of “small” quantum devices such as quantum finite
automata (qfa's).

The simplest version of qfa's are the one-way qfa's (1qfa's), which are ba-
sically defined by imposing the quantum paradigm — unitary evolution plus
observation — on the classical model of one-way deterministic or probabilistic
automata (1dfa's and 1pfa's, resp.). Two variants are considered: In the first
one, called measure-once [5,17], the probability of accepting strings is evaluated
by “observing” the 1qfa just once, at the end of input scanning. In the measure-
many model [4,5,12], instead, observation is performed after each move. In this
work, we will be concerned only with measure-once 1qfa's. Thus, the attribute
measure-once will always be understood.

The question 1qfa's vs. classical automata is usually tackled from two points
of view: the recognizability of languages, and the size — number of states — of
automata when they perform certain tasks. It is well known that, quite sur-
prisingly, the class of languages accepted by 1qfa's with isolated cut point is a
proper subclass (group languages) of regular languages [5]. On the other hand,
it is also well known that, in some cases, 1qfa's turn out to be more succinct
than 1dfa's and 1pfa's. For instance, in [4], it is proved that accepting the lan-
guage L_p = {1^k | k ∈ N and p divides k}, for a fixed prime p, with isolated cut point requires
at least p states on 1pfa's, while a 1qfa with O(log p) states for L_p is exhibited.
Several other results are pointed out in the literature that witness the strength and
weakness of 1qfa's (see, e.g., [4,8,10]). Almost all of them are obtained by con-
structing 1qfa's accepting ad hoc languages or solving suitably defined problems.

Here, we aim to give a general method for building succinct 1qfa's that have
a “periodic behavior”. More precisely: The stochastic event induced by a unary
(i.e., with a single letter input alphabet) 1qfa A is the function p : N → [0, 1]
defined, for any k ∈ N, as p(k) = probability that A accepts the string 1^k. We
are interested in designing unary 1qfa's inducing periodic events, i.e., events
satisfying p(k) = p(k + n), for a fixed period n > 0 and any k ∈ N. Actually, we
will be content with obtaining a “linear approximation” of p, that is, an event
of the form ap + b, for some constants a > 0, b ≥ 0, with a + b ≤ 1. It is not
hard to verify that, from a language acceptance point of view, the events p and
ap + b are fully equivalent.

We prove that, for any stochastic event p of period n taken as input, there
exists a unary 1qfa A with at most 2√(6n) + 25 states which induces ap + b, for
some constants a > 0, b ≥ 0, with a + b ≤ 1. More precisely, we provide an
algorithm which actually constructs A in polynomial time. To this purpose, we
first show that any event induced by a unary 1qfa has a sort of normal form. We
then display an algorithm which, in a first phase, computes some parameters in
this normal form so as to reproduce the harmonic structure of p. In a second phase,
the algorithm turns the computed parameters into a well formed unary 1qfa A
with at most 2√(6n) + 25 states that induces ap + b. It is interesting to notice that
the size of A is bounded by the size of difference covers for Z_n, i.e., sets Δ ⊆ Z_n
such that each element in Z_n can be obtained as the difference modulo n of two
elements in Δ.

This result allows us to give an upper bound on the size of 1qfa's accepting
periodic languages. A unary language L is said to be periodic if it can be writ-
ten as L = {1^k | k ∈ N and (k mod n) ∈ S}, for a fixed S ⊆ Z_n. The reader is
referred to, e.g., [9,15], where the relevance of periodic languages is emphasized.
We show that any periodic language of period n can be accepted with isolated cut
point by a unary 1qfa with no more than 2√(6n) + 26 states.

Our results once more witness the strength, by a quadratic decrease in the number of states,
of 1qfa's with respect to classical automata. It is well known, for instance, that
accepting n-periodic languages on 1dfa's requires at least n states. Furthermore,
when n is prime, we cannot hope to save states even by using 1pfa's [4,16] or two-
way nondeterminism [15]. For a more extensive discussion on these and other
topics in relation to the question quantum vs. classical devices, we refer the
reader to Section 5.

The paper is organized as follows: In Section 2, we give basics on linear al-
gebra, quantum finite automata, and difference covers. In Section 3, we present
the polynomial time algorithm to construct an O(√n)-state 1qfa inducing a linear
approximation of a periodic stochastic event given as input. In Section 4, we
show how to recognize periodic languages with isolated cut point with O(√n)
quantum states. Finally, in Section 5, we discuss our results in the light of the quan-
tum vs. classical question, and we point out some possible directions for future
research.

2 Preliminaries 

2.1 Linear Algebra 

Here, we recall some basic notions on vector spaces and linear algebra. For more
details, we refer the reader to any of the standard books on the subject, such
as [13,14]. Given a complex number z ∈ C, its complex conjugate is denoted
by z*, and its modulus is |z| = √(zz*). Let V be a vector space of finite dimension n
on C. The inner product of vectors x, y ∈ V, with x = (x_1, x_2, ..., x_n) and
y = (y_1, y_2, ..., y_n), is defined as (x, y) = Σ_{i=1}^{n} x_i y_i^*. The norm of x is defined
as ||x|| = √(x, x). If (x, y) = 0 (and ||x|| = ||y|| = 1) then x and y are
orthogonal (orthonormal). A decomposition of V is a set {S_1, S_2, ..., S_k} (k ≤ n)
of mutually orthogonal subspaces of V such that each x ∈ V can be written as
the sum of the projections of x onto each S_i.

We denote by C^{m×n} the set of complex matrices having m rows and n
columns. Given two matrices M ∈ C^{m×m} and N ∈ C^{n×n}, their direct sum is the
block diagonal matrix M ⊕ N ∈ C^{(m+n)×(m+n)} having M and N on its main di-
agonal and 0 elsewhere. Let us introduce some properties of normal matrices that
will turn out to be useful in what follows. We denote by M^† ∈ C^{n×m} the conju-
gate transpose of the matrix M ∈ C^{m×n}. If MM^† = M^†M then M is said to be normal.
Two important subclasses of normal matrices are the unitary and the Hermi-
tian matrices. A matrix M is said to be unitary whenever MM^† = I = M^†M,
where I is the identity matrix. The eigenvalues of unitary matrices are com-
plex numbers of modulus 1, i.e., they are of the form e^{iϑ}, for some real ϑ. This
fact characterizes the class of unitary matrices if we restrict to normal matri-
ces. Alternative characterizations of normal and unitary matrices are contained,
respectively, in

Proposition 1. [14, Thm. 4.10.3] A matrix M ∈ C^{m×m} is normal if and only
if there exists a unitary matrix X ∈ C^{m×m} such that M = XDX^†, where
D = diag(ν_1, ν_2, ..., ν_m) is the diagonal matrix of the eigenvalues of M.

Proposition 2. [14, Thms. 4.7.24, 4.7.14] A matrix M ∈ C^{m×m} is unitary if
and only if:

(i) its rows are mutually orthonormal vectors;

(ii) ||xM|| = ||x||, for each vector x ∈ C^{1×m}.

A matrix M is said to be Hermitian whenever M = M^†. All the eigenvalues
of a Hermitian matrix are real. A Hermitian matrix is positive semidefinite if
and only if all its eigenvalues are non-negative. Alternative characterizations are
contained in

Proposition 3. [13, Thms. 4.12, 4.8] A Hermitian matrix M ∈ C^{m×m} is
positive semidefinite if and only if:

(i) xMx^† ≥ 0, for each vector x ∈ C^{1×m};

(ii) M = YY^†, for some matrix Y ∈ C^{m×m} (Cholesky factorization).

Let ω = e^{2πi/n} be the n-th root of unity (ω^n = 1), and define the matrix
W ∈ C^{n×n} whose (r, c)-th component is ω^{rc}, for 0 ≤ r, c < n. The discrete
Fourier transform of a vector x ∈ C^n is the vector Wx. The inverse dis-
crete Fourier transform of x is the vector (1/n)W^†x. It is easy to verify that
(1/n)W^†W = I = W(1/n)W^†.

Let f : N → C be a periodic function of period n, i.e., for any k ∈ N,
f(k) = f(k + n) holds true. We say that f is n-periodic, for short, and it can
be represented by the column vector (f(0), f(1), ..., f(n − 1)). It is well known
that f can be expressed as a linear combination of trigonometric functions by
using the discrete Fourier transform and its inverse. More precisely:

f(k) = \frac{1}{n} \sum_{j=0}^{n-1} F(j)\, \omega^{-jk},   (1)

where (F(0), F(1), ..., F(n − 1)) = W(f(0), f(1), ..., f(n − 1)). We define the
support set Supp(F) = {j ∈ Z_n | F(j) ≠ 0}. Thus, Equation (1) can be equiv-
alently written as f(k) = (1/n) Σ_{j ∈ Supp(F)} F(j) ω^{-jk}. The reader is referred to,
e.g., [1, Chp. 7] for more details on the discrete Fourier transform and its rele-
vance from a computational point of view. Here, we just recall that computing
the discrete Fourier transform of n-dimensional vectors requires O(n log n) se-
quential time.

2.2 Difference Cover 

The set Δ ⊆ Z_n is a difference cover for Z_n if, for each i ∈ Z_n, there exist two
elements x, x' ∈ Δ such that i = x − x' (mod n).

The problem of covering Z_n by differences is well studied in the literature.
Its relevance is also due to connections with some mutual exclusion issues in
distributed systems, especially concerning quorums [6]. In [20], Wichmann pro-
poses the following sequence of integers, for any r ≥ 0 (x^r here means x x ⋯ x
repeated r times):

σ = 1^r (r+1)^1 (2r+1)^r (4r+3)^{2r+1} (2r+2)^{r+1} 1^r.

From σ, con-
struct the set D of 6r + 4 integers by setting a_1 = 0, and a_{i+1} = a_i + b_i for 1 ≤ i ≤
6r + 3, where b_i is the i-th element of σ. It is easy to see that a_{6r+4} = 12r² + 18r + 6.
The set D has the remarkable property that, for any 1 ≤ d ≤ 12r² + 18r + 6,
there exist a, b ∈ D such that d = a − b.

In [6], Colbourn uses this fact to show that, for any n ≤ 24r² + 36r + 13, D
is a difference cover for Z_n. This is basically due to the fact that, given d ∈ Z_n,
d or −d can be represented by a positive integer less than or equal to 12r² +
18r + 6. Hence, to find a difference cover for any Z_n, it is enough to choose the
smallest r satisfying 24r² + 36r + 13 ≥ n, and then to construct the corresponding
set D with 6r + 4 elements. Simple arithmetic shows that 6r + 4 ≤ √(1.5n) + 6,
hence:

Theorem 1. [6, Thm. 2.4] For any n > 0, there exists a difference cover for Z_n
of cardinality at most √(1.5n) + 6.

2.3 Quantum Finite Automata 

In this paper, we are interested in measure-once quantum finite automata [4,5,17].
Roughly speaking, in this kind of automata, the probability of acceptance is
evaluated only at the end of the computation. In the literature, measure-many
automata are also considered [2,4,5,12], where such an evaluation is taken after
each move. Hereafter, the attribute measure-once will always be understood.

The “hardware” of a one-way quantum finite automaton is that of a classical
finite automaton. Thus, we have an input tape which is scanned by an input head
moving one position right at each move¹, plus a finite state control. Formally:

Definition 1. A one-way quantum finite automaton (1qfa, for short) is a quin-
tuple A = (Q, Σ, π(0), δ, F), where

– Q = {s_1, s_2, ..., s_q} is the finite set of states,

– Σ is the finite input alphabet,

– π(0) ∈ C^{1×q}, with ||π(0)||² = 1, is the vector of the initial amplitudes of the
states,

– F ⊆ Q is the set of accepting states,

– δ : Q × Σ × Q → C is the transition function, mapping into the set of
complex numbers having square modulus not exceeding 1; δ(s_i, a, s_j) is the
amplitude of reaching the state s_j from the state s_i upon reading a. The
transition function must satisfy the following condition of well-formedness:
for any a ∈ Σ and 1 ≤ i, j ≤ q, Σ_{k=1}^{q} δ(s_i, a, s_k) δ*(s_j, a, s_k) = 1 if i = j,
and 0 otherwise.

It is often useful to express the transition function on every a ∈ Σ as the
transition matrix U(a) ∈ C^{q×q} whose (i, j)-th entry is the amplitude δ(s_i, a, s_j).
Since δ satisfies the condition of well-formedness, the rows of each U(a) are
mutually orthonormal vectors and hence, by Proposition 2(i), the U(σ)'s are unitary.
The 1qfa A can thus be represented as a triple A = (π(0), {U(σ)}_{σ∈Σ}, η_F), where
η_F ∈ {0, 1}^q is the characteristic vector of the accepting states.

¹ This kind of automata is sometimes referred to as real time automata [8,17], stress-
ing the fact that they never make stationary moves.
Let us briefly discuss how our 1qfa A works. At any given time t, the state of A
is a superposition of the states in Q and is represented by a vector π(t) of norm 1
in the Hilbert space ℓ²(Q): the i-th component of π(t) is the amplitude of the
state s_i. The computation on input x = x_1 x_2 ⋯ x_n ∈ Σ* starts in the superposi-
tion π(0). After k steps, i.e., after reading the first k input symbols, the state of
A is the superposition π(k) = π(0) U(x_1) U(x_2) ⋯ U(x_k). Since ||π(0)|| = 1 and the
U(x_i)'s are unitary matrices, Proposition 2(ii) ensures that ||π(k)|| = 1. When A
enters the final superposition π(n) = π(0) Π_{i=1}^{n} U(x_i), we observe A by the stan-
dard observable O = {ℓ²(F), ℓ²(Q \ F)}. O is the decomposition of ℓ²(Q) into the
two subspaces spanned by the accepting and nonaccepting states, respectively.
The probability of accepting x is given by the square norm of the projection of
π(n) onto ℓ²(F). Formally,

p_{acc}(x) = \sum_{\{j \mid (\eta_F)_j = 1\}} \Big|\Big(\pi(0) \prod_{i=1}^{n} U(x_i)\Big)_j\Big|^2,

where the subscript j denotes the j-th vector component.

A stochastic event is a function p : Σ* → [0, 1]. The stochastic event induced
or defined by the 1qfa A is the function p_A : Σ* → [0, 1] defined, for any x ∈ Σ*,
as p_A(x) = p_acc(x). The language accepted by A with cut point λ ≥ 1/2 is the
set L_{A,λ} = {x ∈ Σ* | p_A(x) > λ}. A language L is said to be accepted by A with
isolated cut point λ if there exists ε > 0 such that, for any x ∈ L (x ∉ L), we
have p_A(x) ≥ λ + ε (≤ λ − ε).

A 1qfa A is unary if |Σ| = 1. In this case, we let Σ = {1}, and we can
write A = (π, U, η), since we have a unique transition matrix U. With a
slight abuse of notation, we write k for the input string 1^k. The probability of
accepting k now writes as

p_{acc}(k) = \sum_{\{j \mid \eta_j = 1\}} \big|(\pi U^k)_j\big|^2.   (2)

The stochastic event induced or defined by the unary automaton A is the
function p_A : N → [0, 1], with p_A(k) = p_acc(k).

A stochastic event p : N → [0, 1] is said to be n-periodic if it is an n-periodic
function. A unary language is a set L ⊆ 1*. L is n-periodic if there exists a set
S ⊆ Z_n such that L = {k ∈ N | (k mod n) ∈ S}.

3 Synthesis of Iqfa’s from Periodic Events 

The first problem we shall be dealing with is the synthesis of 1qfa's inducing
given periodic stochastic events. As a matter of fact, we will consider a relaxed
version of this problem where, given a periodic event p, we aim to obtain a 1qfa
inducing ap + b, for some reals a > 0, b ≥ 0 satisfying a + b ≤ 1.

If p is taken to be n-periodic, then it can be specified as input for the problem
by providing the column vector (p(0), p(1), ..., p(n − 1)). Thus, formally we state:

Synthesis from events (SynE)

★ Input: An n-periodic stochastic event (p(0), p(1), ..., p(n − 1)).

★ Output: A 1qfa A inducing the event ap + b, for some reals a > 0, b ≥ 0,
with a + b ≤ 1.
Let us now prepare some tools to approach the problem. First of all, we point
out some closure properties on the stochastic events induced by 1qfa's:

Proposition 4. Let p and p' be two stochastic events induced, respectively, by
the 1qfa's A = (π, {U(σ)}_{σ∈Σ}, η) and A' = (π', {U'(σ)}_{σ∈Σ}, η'). Then there exist
1qfa's inducing the stochastic events 1 − p and αp + βp', where α and β are non-
negative reals such that α + β = 1.

Proof. It is easy to see that the event 1 − p is induced by the 1qfa Ā =
(π, {U(σ)}_{σ∈Σ}, η̄), where η̄ is the bitwise negation of η, while the event αp + βp'
is induced by the 1qfa αA + βA' = ((√α π, √β π'), {U(σ) ⊕ U'(σ)}_{σ∈Σ}, (η, η')). □
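The two constructions in the proof of Proposition 4, together with the acceptance rule of Equation (2) in Section 2.3, as an added worked example (not part of the original paper): a unary 1qfa simulator in plain Python, with a 2-state rotation automaton as constructed sample input, the well-formedness check of Definition 1, and the complement and convex-combination operators. The rotation automaton, the function names and the tolerances are this example's own choices.

```python
import math

# A unary 1qfa is a triple (pi, U, eta): the row vector of initial amplitudes,
# one unitary transition matrix (rows = states read "from", columns = "to"),
# and the 0/1 vector eta marking the accepting states.  Matrices are plain
# lists of rows, so the example needs no numpy.


def vec_mat(v, M):
    """Row vector times matrix: the one-step evolution pi(t+1) = pi(t) U."""
    return [sum(v[k] * M[k][j] for k in range(len(v))) for j in range(len(M[0]))]


def is_unitary(U, tol=1e-9):
    """Well-formedness of Definition 1: the rows of U must be orthonormal
    (Proposition 2(i)); this is what sum_k d(s_i,a,s_k) d*(s_j,a,s_k) = [i = j] says."""
    q = len(U)
    for i in range(q):
        for j in range(q):
            ip = sum(U[i][k] * U[j][k].conjugate() for k in range(q))
            if abs(ip - (1 if i == j else 0)) > tol:
                return False
    return True


def is_well_formed(A, tol=1e-9):
    """||pi||^2 = 1 and U unitary, as Definition 1 requires."""
    pi, U, eta = A
    return abs(sum(abs(x) ** 2 for x in pi) - 1) <= tol and is_unitary(U, tol)


def accept_prob(pi, U, eta, k):
    """Equation (2): p(k) = sum over accepting j of |(pi U^k)_j|^2."""
    v = list(pi)
    for _ in range(k):
        v = vec_mat(v, U)
    return sum(abs(v[j]) ** 2 for j in range(len(v)) if eta[j] == 1)


def event(A, length):
    """The induced stochastic event p_A(0), ..., p_A(length-1)."""
    pi, U, eta = A
    return [accept_prob(pi, U, eta, k) for k in range(length)]


def rotation_qfa(n):
    """Constructed sample input: a 2-state unary 1qfa that rotates the amplitude
    vector by 2*pi/n per step, starting in s_1 and accepting in s_1.
    It induces p(k) = cos^2(2*pi*k/n), an n-periodic event."""
    th = 2 * math.pi / n
    U = [[complex(math.cos(th)), complex(math.sin(th))],
         [complex(-math.sin(th)), complex(math.cos(th))]]
    return ([1 + 0j, 0j], U, [1, 0])


def complement(A):
    """Proposition 4, first construction: negate eta bitwise; the event becomes 1 - p."""
    pi, U, eta = A
    return (pi, U, [1 - e for e in eta])


def convex_combination(alpha, A, B_, beta=None):
    """Proposition 4, second construction (alpha + beta = 1):
    ((sqrt(alpha) pi, sqrt(beta) pi'), U (+) U', (eta, eta')) induces alpha p + beta p'."""
    beta = 1 - alpha if beta is None else beta
    (pi1, U1, e1), (pi2, U2, e2) = A, B_
    q1, q2 = len(U1), len(U2)
    pi = [math.sqrt(alpha) * x for x in pi1] + [math.sqrt(beta) * x for x in pi2]
    U = [row + [0j] * q2 for row in U1] + [[0j] * q1 + row for row in U2]  # direct sum
    return (pi, U, e1 + e2)


if __name__ == "__main__":
    A = rotation_qfa(5)
    print("well formed:", is_well_formed(A))
    print("5-periodic rotation event:", [round(x, 4) for x in event(A, 6)])
    C = convex_combination(0.25, A, rotation_qfa(3))
    print("1/4 p + 3/4 p' (period 15):", [round(x, 4) for x in event(C, 16)])
```

`event(A, 6)` starts with 1, cos²(72°), cos²(144°), ... and repeats after five symbols; the combined automaton has 4 states and its event is 15-periodic, as the direct sum of a 5-periodic and a 3-periodic rotation must be. `is_well_formed` is the check one would run on any automaton produced by the synthesis algorithm of Section 3 before trusting the probabilities it reports.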

At this point, a quick comment on the relevance of SynE is in order. From a
language recognition point of view, the events p and ap + b are equivalent in the
following sense: Suppose we have a unary 1qfa A accepting the language L_{A,λ}, and
suppose we are able to construct a unary 1qfa A_1 inducing the event ap_A + b. By
setting λ_1 = aλ + b, it is easy to see that L_{A_1,λ_1} = L_{A,λ}. Here, a technical detail
should be considered. As stated in Section 2.3, we must require that λ_1 ≥ 1/2.
If the opposite is true, by Proposition 4, we construct the 1qfa A_2 = ½A_1 + ½U,
where U is a single state 1qfa realizing the event p_U(x) = 1, for any x ∈ Σ*. We
have p_{A_2} = ½(ap_A + b) + ½ and, by setting λ_2 = ½λ_1 + ½, one easily
gets L_{A_2,λ_2} = L_{A,λ}. In other words, solving SynE enables us to obtain unary
1qfa's accepting unary languages defined by a precise stochastic event.

Now, we show that the stochastic events induced by unary 1qfa's have a sort
of normal form. In what follows, we denote by M_{ij} the (i, j)-th entry of the
matrix M and by x_i the i-th component of the vector x.

Proposition 5. Let p be a stochastic event induced by a unary 1qfa A = (π, U, η)
with q states. Then, for any k ∈ N,

p(k) = \sum_{1 \le s,t \le q} B_{st}\, e^{ik(\vartheta_s - \vartheta_t)},

for some reals ϑ_1, ..., ϑ_q, where B is a Hermitian positive semidefinite matrix.

Proof. From Equation (2) in Section 2.3, the stochastic event induced by A
writes as p(k) = Σ_{j | η_j = 1} |(πU^k)_j|². Since U is a unitary matrix, by Propo-
sition 1, we can write U = X diag(e^{iϑ_1}, e^{iϑ_2}, ..., e^{iϑ_q}) X^†, where X is a unitary
matrix and the e^{iϑ_s}'s are the norm 1 eigenvalues of U. Thus,

U^k = X diag(e^{ikϑ_1}, e^{ikϑ_2}, ..., e^{ikϑ_q}) X^†,

and

p(k) = \sum_{\{j \mid \eta_j = 1\}} \big|(\pi X \,\mathrm{diag}(e^{ik\vartheta_1}, e^{ik\vartheta_2}, \ldots, e^{ik\vartheta_q})\, X^\dagger)_j\big|^2.   (3)

By letting ξ = πX and substituting in (3), we get

p(k) = \sum_{\{j \mid \eta_j = 1\}} \Big|\sum_{s=1}^{q} \xi_s e^{ik\vartheta_s} X^*_{js}\Big|^2
     = \sum_{\{j \mid \eta_j = 1\}} \Big(\sum_{s=1}^{q} \xi_s e^{ik\vartheta_s} X^*_{js}\Big)\Big(\sum_{t=1}^{q} \xi_t e^{ik\vartheta_t} X^*_{jt}\Big)^*
     = \sum_{1 \le s,t \le q} e^{ik(\vartheta_s - \vartheta_t)} \sum_{\{j \mid \eta_j = 1\}} \xi_s X^*_{js}\, \xi_t^* X_{jt}.

Now, define the matrix B as

B_{st} = \sum_{\{j \mid \eta_j = 1\}} \xi_s X^*_{js}\, \xi_t^* X_{jt},

for 1 ≤ s, t ≤ q. It is easy to verify that B = B^†, and hence B is Hermitian. To
prove that B is positive semidefinite, by Proposition 3(i), it is enough to show
that xBx^† ≥ 0, for any x ∈ C^{1×q}:

xBx^\dagger = \sum_{1 \le s,t \le q} x_s B_{st} x_t^*
           = \sum_{\{j \mid \eta_j = 1\}} \Big(\sum_{s=1}^{q} x_s \xi_s X^*_{js}\Big)\Big(\sum_{t=1}^{q} x_t \xi_t X^*_{jt}\Big)^*
           = \sum_{\{j \mid \eta_j = 1\}} \Big|\sum_{s=1}^{q} x_s \xi_s X^*_{js}\Big|^2 \ge 0.   □

We are now ready to concentrate on SynE. Recall that our aim is to build a
unary 1qfa A which induces ap + b, for some reals a > 0, b ≥ 0, with a + b ≤ 1,
and an n-periodic stochastic event p : N → [0, 1] given as input.

We start by observing that the event p is an n-periodic function and hence,
according to Equation (1) in Section 2.1, it expands as

p(k) = \frac{1}{n} \sum_{j=0}^{n-1} P(j)\, \omega^{-jk},   (4)

for (P(0), P(1), ..., P(n − 1)) = W(p(0), p(1), ..., p(n − 1)). On the other hand,
in the light of Proposition 5, to be induced by a unary 1qfa, the event p must
have the form

p(k) = \sum_{1 \le s,t \le q} B_{st}\, e^{ik(\vartheta_s - \vartheta_t)},   (5)

for some real ϑ's and a Hermitian positive semidefinite matrix B. These obser-
vations lead us to design an algorithm consisting of two parts. In the first part,
we compute the ϑ's and B so that Equation (5) exactly reproduces Equation (4). In
the second part, we construct from such ϑ's and B a well formed 1qfa inducing
ap + b.
First Part of the Algorithm

★ Input (p(0), p(1), ..., p(n − 1))

STEP 1 Compute (P(0), P(1), ..., P(n − 1)) = W(p(0), p(1), ..., p(n − 1)), the
discrete Fourier transform, and let Supp(P) = {j ∈ Z_n | P(j) ≠ 0}.

STEP 2 Find a difference cover Δ = {a_1, a_2, ..., a_q} for Z_n.

STEP 3 For each 1 ≤ t ≤ q, let ϑ_t = −(2π/n) a_t.

STEP 4 For each j ∈ Supp(P), let

N(j) = |{(a_s, a_t) | a_s, a_t ∈ Δ and j = a_s − a_t (mod n)}|,

and, for 1 ≤ s, t ≤ q, compute

B_{st} = \begin{cases} \dfrac{P(j)}{n\, N(j)} & \text{if } j \in \mathrm{Supp}(P) \text{ and } j = a_s - a_t \ (\mathrm{mod}\ n) \\[4pt] 0 & \text{otherwise.} \end{cases}

It is easy to verify that B ∈ C^{q×q} is a Hermitian matrix: to see that B_{st} =
B_{ts}^*, it is enough to notice that P(j) = P*(−j mod n) and N(j) = N(−j mod n),
for each j ∈ Z_n. By plugging the ϑ's obtained at STEP 3 and the B obtained at STEP 4
into Equation (5), we get exactly p(k) as in Equation (4).
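STEPS 1-4 above, together with Wichmann's construction of Section 2.2 and the difference-cover bound of Theorem 1, as an added worked example (not part of the original paper), in plain Python: the block builds D from Wichmann's sequence, reduces it to a difference cover of Z_n with the smallest admissible r, computes P by the discrete Fourier transform, forms the ϑ's and B exactly as in STEPS 3-4, and then checks numerically that Equation (5) reproduces the input event p. The sample events, the function names and the numerical tolerances are this example's own choices.

```python
import cmath
import math

# ---- Section 2.2: Wichmann's sequence and Colbourn's difference cover -------------


def wichmann_sequence(r):
    """sigma = 1^r (r+1) (2r+1)^r (4r+3)^(2r+1) (2r+2)^(r+1) 1^r: the 6r+3 gaps b_i."""
    return ([1] * r + [r + 1] + [2 * r + 1] * r + [4 * r + 3] * (2 * r + 1)
            + [2 * r + 2] * (r + 1) + [1] * r)


def wichmann_set(r):
    """D = {a_1 = 0, a_{i+1} = a_i + b_i}: 6r+4 integers with a_{6r+4} = 12r^2 + 18r + 6."""
    D = [0]
    for b in wichmann_sequence(r):
        D.append(D[-1] + b)
    return D


def is_difference_cover(cover, n):
    """Every residue of Z_n is a difference x - x' (mod n) of two elements of cover."""
    return len({(x - y) % n for x in cover for y in cover}) == n


def difference_cover(n):
    """Colbourn: take the smallest r with 24r^2 + 36r + 13 >= n.  D reduced mod n then
    covers Z_n, because any d in Z_n has d or -d representable as a - b with a, b in D."""
    r = 0
    while 24 * r * r + 36 * r + 13 < n:
        r += 1
    return sorted({a % n for a in wichmann_set(r)})


# ---- Section 3, first part of the algorithm: STEPS 1-4 -----------------------------


def dft(p):
    """STEP 1: P = W p with W_{jk} = omega^{jk}, omega = e^{2 pi i / n} (Section 2.1)."""
    n = len(p)
    omega = cmath.exp(2j * math.pi / n)
    return [sum(p[k] * omega ** (j * k) for k in range(n)) for j in range(n)]


def synthesize_parameters(p, tol=1e-9):
    """STEPS 1-4: from an n-periodic event p return (theta, B) such that
    Equation (5) with these parameters equals Equation (4)."""
    n = len(p)
    P = dft(p)
    supp = {j for j in range(n) if abs(P[j]) > tol}       # Supp(P), STEP 1
    cover = difference_cover(n)                           # STEP 2
    q = len(cover)
    theta = [-2 * math.pi * a / n for a in cover]         # STEP 3: theta_t = -(2 pi / n) a_t
    N = {}                                                # STEP 4: N(j) = #{(a_s, a_t): j = a_s - a_t}
    for s in range(q):
        for t in range(q):
            j = (cover[s] - cover[t]) % n
            N[j] = N.get(j, 0) + 1
    B = [[0j] * q for _ in range(q)]
    for s in range(q):
        for t in range(q):
            j = (cover[s] - cover[t]) % n
            if j in supp:
                B[s][t] = P[j] / (n * N[j])               # B_st = P(j) / (n N(j))
    return theta, B


def is_hermitian(B, tol=1e-9):
    q = len(B)
    return all(abs(B[s][t] - B[t][s].conjugate()) <= tol for s in range(q) for t in range(q))


def normal_form_event(theta, B, k):
    """Equation (5): sum_{s,t} B_st e^{i k (theta_s - theta_t)}; real up to rounding."""
    q = len(theta)
    return sum(B[s][t] * cmath.exp(1j * k * (theta[s] - theta[t]))
               for s in range(q) for t in range(q))


def reproduces(p, theta, B, tol=1e-7):
    """The claim after STEP 4: the normal form returns p(k) for k beyond one period."""
    n = len(p)
    return all(abs(normal_form_event(theta, B, k) - p[k % n]) <= tol for k in range(3 * n))


if __name__ == "__main__":
    p = [1, 0, 0, 1, 0, 0, 0]            # constructed 7-periodic event: S = {0, 3} in Z_7
    theta, B = synthesize_parameters(p)
    print("difference cover of Z_7:", difference_cover(7), "-> q =", len(theta))
    print("B Hermitian:", is_hermitian(B), " Eq.(5) == Eq.(4):", reproduces(p, theta, B))
```

For n = 7 the smallest admissible r is 0, so the cover is {0, 1, 4, 6} and B is 4 × 4: the normal form needs q = 4 frequencies, not 7, which is the saving that drives the O(√n) state bound of Theorem 2. Whether this B is positive semidefinite (STEP 5.A) or needs the split of STEP 5.B is exactly the case distinction of the second part.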

Now comes the second part of the algorithm. We show how to build a 1qfa
A = (π, U, η) inducing ap + b from the ϑ's and B computed in the first part. There are
two ways of reconstructing A, depending on whether B is positive semidefinite
or not.



Second Part of the Algorithm 



STEP 5.A If B is positive semidefinite Then

– Find a matrix Y ∈ C^{q×q} satisfying YY^† = B. Such a Y exists by Propo-
sition 3(ii).

– Construct the 2q × 2q matrix

    M = ( Y  E )
        (  F   )

whose row vectors M_i ∈ C^{1×2q} are mutually orthogonal. To get this, the first q rows of M can be
computed by setting the lower triangular matrix E ∈ C^{q×q} as

E_{ij} = \begin{cases} 1 & \text{if } i = j \\ -(Y_i, Y_j) - \sum_{k=1}^{j-1} E_{ik} E_{jk}^* & \text{if } i > j \\ 0 & \text{otherwise,} \end{cases}

where Y_i is the i-th row of Y. At this point, we can take the q rows
of F ∈ C^{q×2q} as an orthogonal basis of the subspace which is orthogonal to that
spanned by the vectors M_1, M_2, ..., M_q. Such a task can be performed
by using standard tools in linear algebra (see, e.g., [13]).

– Let X^† be the 2q × 2q matrix whose i-th row is M_i/||M_i||. Unitarity of X^†
(and hence of X) comes from the fact that we are constructing its rows as
mutually orthonormal vectors, and hence Proposition 2(i) applies.
Define also the vectors ξ ∈ C^{1×2q} and η ∈ {0, 1}^{2q} as

ξ_i = ||M_i|| for i ≤ q, 0 otherwise;   η_i = 1 for i ≤ q, 0 otherwise.

– Compute the vector π = cξX^†, where c = 1/||ξ||.

★ Output A = (π, XDX^†, η), where D = diag(e^{iϑ_1}, ..., e^{iϑ_q}, 1, ..., 1), with
q trailing 1's. Output also a = 1/||ξ||².

Fact. It is not hard to see that A is a well formed 1qfa: First, notice that π
is obtained by multiplying the norm 1 vector cξ by the unitary matrix X^†.
Hence, by Proposition 2(ii), ||π|| = 1. Next, notice that the transition matrix
XDX^† is unitary, being the product of unitary matrices. A has 2q states
and it is easily seen to induce the event ap, with 0 < a = 1/||ξ||² ≤ 1.

STEP 5.B If B is not positive semidefinite Then

– Find two Hermitian positive semidefinite matrices G, H ∈ C^{q×q} such
that B = G − H.

These two matrices can be constructed as follows. Since B is a Hermi-
tian matrix, by Proposition 1, we can write B = X diag(ν_1, ν_2, ..., ν_q) X^†,
where the ν's are the real eigenvalues of B and X is a unitary matrix. De-
fine D^+ = diag(ν_1^+, ν_2^+, ..., ν_q^+), where ν_i^+ = ν_i if ν_i ≥ 0, and 0 otherwise.
Set D^− = D^+ − D, where D = diag(ν_1, ν_2, ..., ν_q). Let G = XD^+X^† and H = XD^−X^†.
It is easy to see that B = G − H, and that both G and H are Hermitian. Moreover, one
can easily verify that, for each x ∈ C^{1×q}, both xGx^† ≥ 0 and xHx^† ≥ 0
hold true. Hence, by Proposition 3(i), G and H are positive semidefinite.

– Perform STEP 5.A by having as input G and H. This yields two 2q-state
1qfa's A_1 and A_2 inducing, respectively, the events a_1p_1 and a_2p_2, with
0 < a_1, a_2 ≤ 1 and p_1 − p_2 = p.

– Let U be the 1-state 1qfa inducing the event p_U(k) = 1, for any k ≥ 0.
Use Proposition 4 to construct the following 1qfa's:

If a_1 ≤ a_2 Then

– construct A_3 = (a_1/a_2) A_2 + (1 − a_1/a_2) U. A_3 has 2q + 1 states and induces
the event a_1p_2 + (1 − a_1/a_2).

– construct Ā_3, i.e., the (2q + 1)-state 1qfa inducing 1 − p_{A_3} = a_1/a_2 − a_1p_2.

★ Output A_4 = ½A_1 + ½Ā_3. Output also a = a_1/2 and b = a_1/(2a_2).

If a_1 > a_2 Then

– construct A_3 = (a_2/a_1) A_1 + (1 − a_2/a_1) U. A_3 has 2q + 1 states and induces
the event a_2p_1 + (1 − a_2/a_1).

– construct Ā_2, i.e., the 2q-state 1qfa inducing 1 − a_2p_2.

★ Output A_4 = ½A_3 + ½Ā_2. Output also a = a_2/2 and b = 1 − a_2/(2a_1).

Fact. It is easy to see that, in both cases, A_4 is a (4q + 1)-state 1qfa inducing
the event ap + b, for a, b > 0, with a + b ≤ 1.

In conclusion, the above algorithm provides a constructive proof of the fol-
lowing

Theorem 2. For any n-periodic event p, there exists a unary 1qfa with at most
2√(6n) + 25 states inducing ap + b, for some reals a > 0, b ≥ 0, with a + b ≤ 1.

Proof. We use our algorithm to construct a 1qfa A for ap + b. As one may easily
see, A has at most 4q + 1 states, where q is the cardinality of a difference cover
for Z_n. By Theorem 1, q is bounded above by √(1.5n) + 6, whence the result. □

We end with a quick evaluation of the complexity of our algorithm.

First Part of the Algorithm: Computing the discrete Fourier transform
at STEP 1 requires O(n log n) time, as observed in Section 2.1. The operations
at STEPS 3, 4 are easily seen to require polynomial time. Finally, at STEP 2, we
can construct a difference cover for Z_n in polynomial time by using Wichmann's
sequence, as addressed in Section 2.2.

Second Part of the Algorithm: The hardest tasks at STEPS 5.A, 5.B are
basically to solve some problems from linear algebra, such as: Cholesky factoriza-
tion, computation of bases for orthogonal subspaces, decomposition of Hermitian
matrices. For all these tasks, polynomial time algorithms can be obtained from
the literature (see, e.g., [11]).

This enables us to conclude that a (2√(6n) + 25)-state 1qfa for the event ap + b
can be constructed in polynomial time.



4 Synthesis of Iqfa’s from Periodic Languages 

We now focus on accepting periodic languages, i.e., unary languages of the form
L = {k ∈ N | (k mod n) ∈ S}, for a fixed S ⊆ Z_n. As recalled in the introduction,
recognizing n-periodic languages by 1dfa's takes at least n states. Moreover, in
some cases, e.g. when n is a prime, even using 1pfa's (or also two-way nondeter-
minism) does not help in saving states.

By using the results in the previous section, we are always able to design
1qfa's with O(√n) states and isolated cut point for n-periodic languages, as
proved in the following

Theorem 3. Any n-periodic language can be accepted with isolated cut point
on a 1qfa having no more than 2√(6n) + 26 states.

Proof. With each n-periodic language L = {k ∈ N | (k mod n) ∈ S}, for some
S ⊆ Z_n, we can associate the n-periodic event p defined, for each k ≥ 0, as
p(k) = 1 if (k mod n) ∈ S, and 0 otherwise. By Theorem 2, there exists a 1qfa A,
with no more than 2√(6n) + 25 states, that induces ap + b, for some reals a > 0, b ≥ 0,
a + b ≤ 1. If b + a/2 ≥ 1/2, we let λ = b + a/2 and ε = a/2. Otherwise, we
construct the automaton A_1 = ½A + ½U by adding one more state to the states
of A, and we let λ = b/2 + a/4 + 1/2 and ε = a/4. It is easy to verify that A or
A_1 accepts L with cut point λ ≥ 1/2 isolated by ε. □



134 Carlo Mereghetti and Beatrice Palano 



5 Some Concluding Remarks and Open Problems

In this work, we have provided a polynomial time algorithm for constructing
small 1qfa's that induce periodic stochastic events or accept periodic languages.
More precisely, we have shown that any n-periodic event can be induced by
a 1qfa with at most $2\sqrt{6n} + 25$ states, while any n-periodic language is accepted
with no more than $2\sqrt{6n} + 26$ states.

These results point out that, on a wide class of problems, 1qfa's are quadratically
more succinct than corresponding deterministic automata. In fact, it is
well known that any 1dfa recognizing an n-periodic language must have at least n
states.

More can be said even on the question quantum vs. probabilistic automata.
As proved in [4], for any given prime p, the language $L_p$ requires at least p
states to be accepted on 1pfa's with isolated cut point. This clearly implies the
same state lower bound to induce p-periodic events by 1pfa's. Our results show
that 1qfa's can be built that induce p-periodic events using only $O(\sqrt{p})$ states.
Moreover, we have used this fact to accept p-periodic languages with isolated
cut point on $O(\sqrt{p})$-state 1qfa's.

It should be noticed that, by using ad hoc techniques on ad hoc problems, we
can sometimes obtain even more succinct 1qfa's. For instance, in [4], an $O(\log p)$-
state 1qfa for $L_p$ is exhibited. However, due to its generality, we cannot expect
our method to be so "state-saving". Nevertheless, it can be used as a tool to
generate small quantum machines that can eventually serve as starting points for
further refinements. Yet, we feel that our method could be of help in approaching
open questions on quantum finite automata, some of which are quickly suggested
hereafter:

— How to construct 1qfa's exactly inducing given periodic stochastic events?

— How to obtain Monte Carlo 1qfa's (a more "reliable" version of isolated cut
point 1qfa's, see [8]) accepting periodic languages?

— What about the size of the resulting 1qfa's?

— What about the size of minimal 1qfa's inducing periodic stochastic events
or accepting periodic languages?
Abstract. P systems are computational models inspired by some biological
features of the structure and the functioning of real cells. In
this paper we introduce a new kind of communication between mem- 
branes, based upon the natural budding of vesicles in a cell. We define 
the operations of gemmation and fusion of mobile membranes, and we 
use membrane structures and rules over strings of biological inspiration 
only. We prove that P systems of this type can generate all recursively 
enumerable languages and, moreover, the Hamiltonian Path Problem can 
be solved in a quadratic time. Some open problems are also formulated. 



1 Introduction 

The P systems were recently introduced in [7] as a class of distributed parallel 
computing devices of a biochemical type. The basic model consists of a mem- 
brane structure composed by several cell-membranes, hierarchically embedded in 
a main membrane called the skin membrane. The membranes delimit regions and 
can contain objects, which evolve according to given evolution rules associated 
with the regions. Such rules are applied in a nondeterministic and maximally 
parallel manner: at each step, all the objects which can evolve should evolve. 

A computation device is obtained: we start from an initial configuration and 
we let the system evolve. A computation halts when no further rule can be ap- 
plied. The objects in a specified output membrane (or expelled through the skin 
membrane) are the result of the computation. 

Many basic variants are considered in [7], [8], and [10]. Further extensions 
are defined in [6], [9], [15], where polynomial (or even linear) time solution for 
some NP-complete problems are proposed. 

A survey and an up-to-date bibliography can be found at the web address
http://bioinformatics.bio.disco.unimib.it/psystems.

Up to now, in all the variants of P systems only the direct communication of 
objects through membranes has been considered: an object can exit the mem- 
brane where it is placed and enter the upper level region, or it can enter a lower 

A. Restivo, S. Ronchi Della Rocca, L. Roversi (Eds.): ICTCS 2001, LNCS 2202, pp. 136-153, 2001.
© Springer-Verlag Berlin Heidelberg 2001



P Systems with Gemmation of Mobile Membranes 



137 



level region. Such communications are defined by means of target indications 
in/out attached to the evolution rules of the system. The aim of the present 
work is to introduce a new kind of communication between membranes and to 
keep the definition of P systems closer to the real structure of cells. 

The notion of mobility was first introduced into P systems area in [11], where 
a link was established between P systems and Ambient Calculus (see, e.g., [1]). 
In that paper, the creation of travelling cells was proposed in order to get direct 
and secure communications of objects between non-adjacent membranes, both 
provided with a common shared key. The passage and the possible consequent 
modification of objects along the path between the two membranes was thus 
avoided. 

In this paper we do not consider any security feature, instead we want to 
introduce a different definition of mobile membranes, based upon a biological 
process of alive cells. Cellular membranes are selectively permeable to many 
small substances as water and ions, but not to bigger ones as proteins (see, 
e.g., [14]). Such substances are communicated inside or outside the cell by means 
of vesicles, which are little parts of a membrane, encased on their cytosolic 
face by a specific protein that causes their budding from the membrane. When 
the vesicle fuses with its target membrane, the carried proteins are introduced 
inside it, where they can be modified by other chemical reactions. Many cellular 
compartments use this kind of communication, in particular this is the case 
of the Golgi apparatus ([12]), a stack of distinct elementary membranes (i.e. 
membranes without other membranes inside) where, in sequence, many proteins 
are stepwise modified and then sent to another Golgi-region. Specifically, only 
the substances that have completed their “maturation path” inside the current 
region can be communicated by a vesicle to the next destination. For example, 
only the proteins that have reached their exact folding can enter a budding 
vesicle, otherwise they will remain inside the current Golgi-region. 

In order to simulate all these natural features, we consider P systems with 
simple membrane structures (the skin membrane can only contain elementary 
membranes) and with operations on strings of a biochemical inspiration, such 
as mutation, replication and splitting rules. Moreover, we define a meta-priority 
between the set of classical evolution rules and the set of pre-dynamical rules, 
which are the rules that give rise to the gemmation of mobile membranes (that 
is, the budding of vesicles in the cell). The meta-priority is needed to the aim 
of simulating the completion of the maturation path of an object. After a pre- 
dynamical rule has been used, the phases of gemmation and fusion of mobile 
membranes take place. In particular, the output of the system is due to the 
fusion of a mobile membrane with the skin membrane: this process causes the 
release of the objects outside the system. The set of strings that exit the skin 
membrane is the language generated by the system, as usual in P systems with 
external output ([10]). 

We show that the obtained system is able to generate every recursively enu- 
merable language and that it can be used to solve NP-complete problems in 
polynomial time. In particular, we prove this by showing how to solve the Hamiltonian
Path Problem in quadratic time with respect to the input length. A solution
to this problem was also proposed, for a different variant of P systems,
in [2].

2 Definition 

We refer to [13] for formal language theory prerequisites; we only mention here
that we denote by $V^*$ the free monoid generated by the alphabet V under the
operation of concatenation. The empty string is denoted by $\lambda$, and $V^+ = V^* - \{\lambda\}$
is the set of non-empty strings over V.

A membrane structure $\mu$ is a construct consisting of several membranes hierarchically
embedded in a unique membrane, called a skin membrane. We identify
a membrane structure with a string of correctly matching square parentheses,
placed in a unique pair of matching parentheses; each pair of matching parentheses
corresponds to a membrane. We can also associate a tree with the structure,
in a natural way; the height of the tree is the depth of the structure itself. In
order to stay close to the structure of a real cell, in this paper we will consider
only membrane structures of depth 2, with the skin membrane always labelled
with 0 and the inner membranes injectively labelled with numbers in the set
$\{1, \dots, n\}$.

Each membrane identifies a region, delimited by it and the membranes immediately
inside it. If we place multisets of objects from a specified finite set V in the
regions, we get a super-cell. A super-cell system (or P-system) is a super-cell
provided with evolution rules for its objects.

We will work with string-objects, so with every region $i = 0, 1, \dots, n$ of $\mu$ we
associate a multiset of finite support over $V^*$, that is a map $M_i : V^* \to \mathbb{N}$
where $M_i = \{(x_1, M_i(x_1)), \dots, (x_p, M_i(x_p))\}$, for some $x_k \in V^+$ such that
$M_i(x_k) > 0$ $\forall k = 1, \dots, p$.

We will use three types of operations on strings over V, which were first considered
in [2]:

1. Mutation: a mutation rule is a context-free rewriting rule $r_m : a \to u$,
where $a \in V$ and $u \in V^*$. For strings $w_1, w_2 \in V^+$ we write $w_1 \Rightarrow_{r_m} w_2$
if $w_1 = x_1 a x_2$ and $w_2 = x_1 u x_2$, for some $x_1, x_2 \in V^*$.

2. Replication: if $a \in V$ and $u_1, u_2 \in V^+$, then $r_r : a \to u_1 \parallel u_2$ is called a
replication rule. For strings $w_1, w_2, w_3 \in V^+$ we write $w_1 \Rightarrow_{r_r} (w_2, w_3)$ (and
we say that $w_1$ is replicated with respect to rule $r_r$) if $w_1 = x_1 a x_2$, $w_2 = x_1 u_1 x_2$
and $w_3 = x_1 u_2 x_2$ for some $x_1, x_2 \in V^*$.

3. Splitting: if $a \in V$ and $u_1, u_2 \in V^+$, then $r_s : a \to u_1 : u_2$ is called a
splitting rule. For strings $w_1, w_2, w_3 \in V^+$ we write $w_1 \Rightarrow_{r_s} (w_2, w_3)$ (and
we say that $w_1$ is split with respect to rule $r_s$) if $w_1 = x_1 a x_2$, $w_2 = x_1 u_1$
and $w_3 = u_2 x_2$ for some $x_1, x_2 \in V^*$.

Note that only replication and splitting rules increase the number of strings,
while mutation rules can delete symbols. When using such operations in P systems,
we will add target indications to rules, indicating the regions where the
resulting strings will be communicated at the next step.

With each region $i = 0, 1, \dots, n$ of the membrane structure we associate two
distinct sets of rules:

1. A set $C_i$ of classical evolution rules, that is a set of mutation, replication and
splitting rules of the form $a \to \alpha$, with $\alpha \in \{(u, tar), (u_1 \parallel u_2; tar_1, tar_2), (u_1 : u_2; tar_1, tar_2)\}$,
where $u, u_1, u_2$ are strings over V (as defined above) and
$tar, tar_1, tar_2 \in \{here, out\}$ if $i \ne 0$, $tar, tar_1, tar_2 \in \{here, out\} \cup \{in_1, \dots, in_n\}$ if $i = 0$.

2. A set $D_i$ of pre-dynamical evolution rules, that is a set of mutation, replication
and splitting rules of the form $a \to \alpha'$, with $\alpha' \in \{(u, here), (u_1 \parallel u_2; here, here), (u_1 : u_2; here, here)\}$,
where, following the above notations for
strings and substrings, it holds that $x_1 = \lambda$ (or $x_2 = \lambda$), u and at least one
string between $u_1, u_2$ belong to $\{@_j\} \cdot V^*$ (respectively $V^* \cdot \{@_j\}$), where $@_j$
is a special symbol not in V and $j \in \{0, 1, \dots, n\}$, $j \ne i$.

We point out that a pre-dynamical rule can introduce the special symbol $@_j$
only at the ends of the string; that is the reason why we ask for $x_1$ or $x_2$
to be the empty word. Note that if $i = 0$, then the set $D_0$ is empty, that is no
pre-dynamical rule is defined inside the skin membrane.

Once the symbol $@_j$ has been introduced by a pre-dynamical rule in membrane
i, for $j \ne i$, inside the P system we have two sequential and dynamical communication
processes carried out by a mobile membrane, which we write as a couple
of well-matching round brackets $(_{i,j} \dots )_{i,j}$, where i is the label of the originating
membrane and j is the label of the target membrane. The communication steps
are defined by means of the following rules:

1. Gemmation of a mobile membrane:

$[_0 \dots [_i \dots, w@_j, \dots ]_i \dots ]_0 \Rightarrow_G [_0 \dots [_i \dots ]_i (_{i,j} w )_{i,j} \dots ]_0$

for some $i \in \{1, \dots, n\}$, $j \in \{0, 1, \dots, n\}$, $j \ne i$, $w \in V^+$.

During this first phase the symbol $@_j$ is removed, its subscript becomes the
second label of the mobile membrane, the string w leaves membrane i and
enters the freshly created mobile membrane.

If there is more than one string, say $w_1@_j, \dots, w_k@_j$, inside membrane i, all
of which directed to the same target membrane j, then a single common
mobile membrane will be budded off from membrane i:

$[_0 \dots [_i \dots, w_1@_j, \dots, w_k@_j, \dots ]_i \dots ]_0 \Rightarrow_G [_0 \dots [_i \dots ]_i (_{i,j} w_1, \dots, w_k )_{i,j} \dots ]_0$.

Otherwise, if inside membrane i there are strings $w_1@_{j_1}, \dots, w_h@_{j_k}$ ($h \ge k$)
such that $j_1, \dots, j_k$ are pairwise distinct, then k distinct mobile membranes
will be gemmated, each one containing the strings directed to the specified
membrane:

$[_0 \dots [_i \dots, w_1@_{j_1}, \dots, w_{h_1}@_{j_1}, \dots, w_{h_{k-1}+1}@_{j_k}, \dots, w_h@_{j_k}, \dots ]_i \dots ]_0 \Rightarrow_G$
$[_0 \dots [_i \dots ]_i (_{i,j_1} w_1, \dots, w_{h_1} )_{i,j_1} \dots (_{i,j_k} w_{h_{k-1}+1}, \dots, w_h )_{i,j_k} \dots ]_0$.

Exactly analogous is the symmetrical case when a membrane i, for some
$i \in \{1, \dots, n\}$, contains one or more strings of the form $@_j w$, for some
$j \in \{0, 1, \dots, n\}$, $j \ne i$. Obviously the same holds when a membrane i contains
some strings of both forms.

2. Fusion of the mobile membrane:

$[_0 \dots (_{i,j} w )_{i,j} \dots [_j \dots ]_j \dots ]_0 \Rightarrow_F [_0 \dots [_j \dots, w, \dots ]_j \dots ]_0$

for some $i \in \{1, \dots, n\}$, $j \in \{0, 1, \dots, n\}$, $j \ne i$, $w \in V^+$.

During this second phase the mobile membrane becomes a part of the target
membrane, leaving its contents inside it.

In particular, if $j = 0$ the mobile membrane fuses with the skin membrane
and the objects exit the system. In this way we simulate the biological process
of exocytosis and hence we have the (external) output of the string:

$[_0 \dots (_{i,0} w )_{i,0} \dots ]_0 \Rightarrow_F [_0 \dots ]_0 w$.

The processes of gemmation and fusion of a mobile membrane are illustrated
in Fig. 1, where Euler-Venn diagrams of two types are used: rectangular boxes
represent membranes in the membrane structure while a circle box represents
a mobile membrane.

One more theoretical feature has to be introduced to the aim of keeping this
variant closer to the functioning of real cells. We define a meta-priority between
the whole set $C_i$ and the whole set $D_i$, $\forall i = 1, \dots, n$, meaning that all applicable
classical rules in $C_i$ must be used before any other applicable pre-dynamical rule
in $D_i$. The meta-priority is used to simulate the completion of the maturation
path of a substance inside the Golgi apparatus. On the contrary, we do not define
any priority relation between rules in the set $C_i$ nor between rules in
the set $D_i$, as has been previously done in [7] in the form of a partial order
relation between evolution rules.

Fig. 1. Gemmation of a single mobile membrane from membrane i and fusion
with target-membrane j

Finally, a P system (of degree $n + 1$) with gemmation of mobile membranes
(or gemmating P system, in short) is defined by the construct

$\Pi_{(G,F)} = (V, T, \mu, M_0, \dots, M_n, (C_0, \emptyset), (C_1, D_1), \dots, (C_n, D_n), \infty)$

with the following components:

(i) V is an alphabet such that $V \cap \{@_j\} = \emptyset$, $\forall j = 0, 1, \dots, n$;

(ii) $T \subseteq V$ is the output alphabet;

(iii) $\mu = [_0 [_1 ]_1 [_2 ]_2 \dots [_{n-1} ]_{n-1} [_n ]_n ]_0$ is a membrane structure of depth 2 and degree
$n + 1$;

(iv) $M_0, \dots, M_n$ are multisets of finite support over $V^*$;

(v) $(C_i, D_i)$, $i = 0, 1, \dots, n$, are the set of classical evolution rules and the set of
pre-dynamical evolution rules, respectively. $C_i$ has a meta-priority above $D_i$
as far as the application of all of its rules is concerned, $\forall i = 1, \dots, n$. The
set $D_0$ is empty;

(vi) $\infty$ means that the system has external output.

The application of the rules is done as usual in P system area: in one step 
all regions are processed simultaneously by using the rules in a nondeterministic 
and maximally parallel manner. This means that in each region the objects to 
evolve and the rules to be applied to them are nondeterministically chosen, but all 
objects which can evolve should evolve. Specifically, at each step of a computation 
a string can be processed by one rule only, and its multiplicity is decreased by one. 
The multiplicity of strings produced by an operation is accordingly increased. 
The strings resulting after the application of a rule are communicated by mobile 
membranes or by in/out communication to the regions specified by the target 
indications (the target indication here will often be omitted). 

The membrane structure at a given time, together with all multisets of objects
associated with the regions defined by the membrane structure, is the
configuration of the system at that time. The $(n + 1)$-tuple $(\mu, M_1, \dots, M_n)$
constitutes the initial configuration of the system. For two configurations
$C_1 = (\mu, M'_1, \dots, M'_n)$, $C_2 = (\mu, M''_1, \dots, M''_n)$ of $\Pi_{(G,F)}$ we say that we have a transition
from $C_1$ to $C_2$ by applying the rules present in the sets $(C_i, D_i)$, $0 \le i \le n$,
according to the meta-priority relation. A sequence of transitions forms a computation.
A computation halts when there is no rule which can be further applied
in the current configuration. On the contrary, we say that a computation is non-halting
if there is at least one rule which can be applied forever. The output is
the set of strings over T sent out of the system during the computation. The
language generated in this way by a P system is denoted by $L(\Pi_{(G,F)})$.

Non-halting computations provide no output.

3 Examples 

We show that we can easily generate non context-free languages using P systems 
with only mutation rules and only communications performed by gemmation 
of mobile membranes. Moreover, we will consider only sets of strings without 
multiplicities, as no replication nor splitting rules will be used. 

3.1 Example 1 

We construct the P system $\Pi_1$ with gemmation of mobile membranes

$\Pi_1 = (V, T, \mu, M_0, \dots, M_3, C_0, (C_1, D_1), \dots, (C_3, D_3), \infty)$

where:

$V = \{A, A', B, B', C, a, b, c\}$;
$T = \{a, b, c\}$;
$\mu = [_0 [_1 ]_1 [_2 ]_2 [_3 ]_3 ]_0$;
$M_1 = \{ABC\}$, all other sets are empty;
$C_0 = \emptyset$;
$C_1 = \{A \to aA', B \to bB'\}$, $D_1 = \{C \to cC@_2, C \to cC@_3\}$;
$C_2 = \{A' \to aA, B' \to bB\}$, $D_2 = \{C \to cC@_1, C \to cC@_3\}$;
$C_3 = \{A \to \lambda, A' \to \lambda, B \to \lambda, B' \to \lambda\}$, $D_3 = \{C \to \lambda@_0\}$.

The computation starts in membrane 1, where both classical rules $A \to aA'$,
$B \to bB'$ must be used before any pre-dynamical rule can be applied. The
symbols $A', B'$ guarantee that an equal number of a and b will be generated, and
they are necessary in order to obtain halting computations. In fact, if we
substituted the two rules $A \to aA'$, $B \to bB'$ with $A \to aA$, $B \to bB$ respectively,
then we should apply each one forever because of the meta-priority relation.
Hence, by making cycles between membranes 1 and 2 we generate all the strings
of the form $a^n X b^n Y c^n C$, with $(X, Y) \in \{(A, B), (A', B')\}$. When the current
string reaches membrane 3, all nonterminal symbols are erased and the string
leaves the system.

It is easy to see that the language generated by the system is
$L(\Pi_1) = \{a^n b^n c^n \mid n \ge 1\}$.



3.2 Example 2 

We define the system

$\Pi_2 = (V, T, \mu, M_0, \dots, M_7, C_0, (C_1, D_1), \dots, (C_7, D_7), \infty)$

with the following components:

$V = \{A, B, A', B', C, a, b\}$;
$T = \{a, b\}$;
$\mu = [_0 [_1 ]_1 [_2 ]_2 [_3 ]_3 [_4 ]_4 [_5 ]_5 [_6 ]_6 [_7 ]_7 ]_0$;
$M_1 = \{ABC\}$, all other sets are empty;
$C_0 = \emptyset$;
$C_1 = \emptyset$, $D_1 = \{C \to \lambda@_6, C \to \lambda@_7, C \to C@_2, C \to C@_3\}$;
$C_2 = \{A \to aA', B \to aB'\}$, $D_2 = \{C \to \lambda@_6, C \to \lambda@_7, C \to C@_4, C \to C@_5\}$;
$C_3 = \{A \to bA', B \to bB'\}$, $D_3 = \{C \to \lambda@_6, C \to \lambda@_7, C \to C@_4, C \to C@_5\}$;
$C_4 = \{A' \to aA, B' \to aB\}$, $D_4 = \{C \to \lambda@_6, C \to \lambda@_7, C \to C@_2, C \to C@_3\}$;
$C_5 = \{A' \to bA, B' \to bB\}$, $D_5 = \{C \to \lambda@_6, C \to \lambda@_7, C \to C@_2, C \to C@_3\}$;
$C_6 = \{A \to a, A' \to a\}$, $D_6 = \{B \to a@_0, B' \to a@_0\}$;
$C_7 = \{A \to b, A' \to b\}$, $D_7 = \{B \to b@_0, B' \to b@_0\}$.

The computation starts in membrane 1, which contains only pre-dynamical
rules that nondeterministically redirect the current string to membrane 2, 3,
6 or 7. In each membrane of the system the gemmation phase is controlled by
the support-symbol C. If we make cycles between membranes 2 and 4, then
we generate strings of the form $xaAxaBC$, with $x \in \{a, b\}^*$. Observe that in
membrane 2 we could not use rules such as $A \to aA$, $B \to aB$ or $C \to C$ in order
to get an immediate generation of such strings, because we should apply these
rules forever and hence the computation would never halt. In the same way, we
need a cycle between membranes 3 and 5 for further rewriting of the terminal
symbol b; the generated strings have now the form $xbA'xbB'C$, with $x \in \{a, b\}^*$.
Finally, membranes 6 and 7 cause the terminal rewriting of the string and its
output from the system.

It follows that the generated language is $L(\Pi_2) = \{xx \mid x \in \{a, b\}^+\}$.
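The semantics of Section 2 (meta-priority, maximal parallelism, gemmation followed by fusion, halting and external output) and the two examples above can be checked mechanically. The following Python simulator is an added example, not code from the paper; it assumes sets of strings without multiplicities, mutation rules with target here and pre-dynamical rules that write $@_j$ at the right end only (all that $\Pi_1$ and $\Pi_2$ use), collapses gemmation and fusion into a single move, and writes $A'$, $B'$ as P, Q. It enumerates the strings sent out by halting computations of $\Pi_1$ and $\Pi_2$ up to a bound on the number of transitions.

```python
import itertools
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed simulator (not the paper's code).  Only the rule shapes used by
# Examples 1 and 2 are supported: mutation rules with target "here" and
# pre-dynamical rules writing @_j at the right end of the string (so x2 = lambda).
# Primed symbols are single letters here: A' is written P and B' is written Q.
Classical = Tuple[str, str]           # (a, u)    stands for  a -> (u, here)
PreDyn = Tuple[str, str, int]         # (a, u, j) stands for  a -> u@_j
Regions = Tuple[FrozenSet[str], ...]  # one set of strings per region 0, 1, ..., n
STAY = -1                             # pseudo-destination: string stays in its region

def classical_moves(w: str, rules: List[Classical]) -> List[str]:
    """Strings reachable from w by one classical mutation, at any occurrence of a."""
    return [w[:k] + u + w[k + 1:] for a, u in rules for k, ch in enumerate(w) if ch == a]

def predyn_moves(w: str, rules: List[PreDyn]) -> List[Tuple[str, int]]:
    """(string, region) pairs reachable by one pre-dynamical rule a -> u@_j, which
    needs a as last symbol.  Gemmation and fusion are collapsed into one move: @_j
    is dropped and the string lands in region j (j = 0 is exocytosis: it leaves)."""
    return [(w[:-1] + u, j) for a, u, j in rules if w and w[-1] == a]

def region_step(strings: FrozenSet[str], C: List[Classical], D: List[PreDyn]):
    """All maximally parallel choices for one region: every string gets one
    (new string, destination) pair from one rule.  Meta-priority: while any
    classical rule of C applies somewhere in the region, no rule of D may fire."""
    classical = {w: classical_moves(w, C) for w in strings}
    if any(classical.values()):
        options = [[(w2, STAY) for w2 in classical[w]] or [(w, STAY)] for w in strings]
    else:
        options = [predyn_moves(w, D) or [(w, STAY)] for w in strings]
    return [list(choice) for choice in itertools.product(*options)]

def system_step(regions: Regions, C: Dict[int, List[Classical]],
                D: Dict[int, List[PreDyn]]) -> List[Tuple[Regions, FrozenSet[str]]]:
    """All transitions from a configuration, as (successor, strings sent out)."""
    n = len(regions)
    choices = [region_step(regions[i], C.get(i, []), D.get(i, [])) for i in range(n)]
    successors = []
    for combo in itertools.product(*choices):
        new: List[Set[str]] = [set() for _ in range(n)]
        out: Set[str] = set()
        for i, moves in enumerate(combo):
            for w2, dest in moves:
                if dest == STAY:
                    new[i].add(w2)
                elif dest == 0:
                    out.add(w2)
                else:
                    new[dest].add(w2)
        successors.append((tuple(frozenset(s) for s in new), frozenset(out)))
    return successors

def halted(regions: Regions, C: Dict[int, List[Classical]],
           D: Dict[int, List[PreDyn]]) -> bool:
    """A computation halts when no rule at all is applicable in any region."""
    return not any(classical_moves(w, C.get(i, [])) or predyn_moves(w, D.get(i, []))
                   for i, strings in enumerate(regions) for w in strings)

def generate(T: str, initial: Regions, C: Dict[int, List[Classical]],
             D: Dict[int, List[PreDyn]], max_steps: int) -> Set[str]:
    """Strings over T sent out by computations halting within max_steps transitions.
    Non-halting computations provide no output, so a branch counts only once it halts."""
    language: Set[str] = set()
    frontier = {(initial, frozenset())}
    for _ in range(max_steps + 1):
        nxt = set()
        for regions, emitted in frontier:
            if halted(regions, C, D):
                language |= {w for w in emitted if all(ch in T for ch in w)}
            else:
                nxt.update((succ, emitted | out) for succ, out in system_step(regions, C, D))
        frontier = nxt
    return language

def example_1(max_steps: int = 14) -> Set[str]:
    """Pi_1 of Section 3.1: membranes 1, 2, 3 in the skin, M_1 = {ABC}; yields a^n b^n c^n."""
    C = {1: [("A", "aP"), ("B", "bQ")], 2: [("P", "aA"), ("Q", "bB")],
         3: [("A", ""), ("P", ""), ("B", ""), ("Q", "")]}
    D = {1: [("C", "cC", 2), ("C", "cC", 3)], 2: [("C", "cC", 1), ("C", "cC", 3)],
         3: [("C", "", 0)]}
    initial = tuple(frozenset({"ABC"}) if i == 1 else frozenset() for i in range(4))
    return generate("abc", initial, C, D, max_steps)

def example_2(max_steps: int = 8) -> Set[str]:
    """Pi_2 of Section 3.2: membranes 1..7 in the skin, M_1 = {ABC}; yields xx, x in {a,b}+."""
    leave = [("C", "", 6), ("C", "", 7)]            # C -> lambda@_6, C -> lambda@_7
    C = {2: [("A", "aP"), ("B", "aQ")], 3: [("A", "bP"), ("B", "bQ")],
         4: [("P", "aA"), ("Q", "aB")], 5: [("P", "bA"), ("Q", "bB")],
         6: [("A", "a"), ("P", "a")], 7: [("A", "b"), ("P", "b")]}
    D = {1: leave + [("C", "C", 2), ("C", "C", 3)],
         2: leave + [("C", "C", 4), ("C", "C", 5)], 3: leave + [("C", "C", 4), ("C", "C", 5)],
         4: leave + [("C", "C", 2), ("C", "C", 3)], 5: leave + [("C", "C", 2), ("C", "C", 3)],
         6: [("B", "a", 0), ("Q", "a", 0)], 7: [("B", "b", 0), ("Q", "b", 0)]}
    initial = tuple(frozenset({"ABC"}) if i == 1 else frozenset() for i in range(8))
    return generate("ab", initial, C, D, max_steps)
```

With the default bounds example_1() returns the three shortest strings $a^n b^n c^n$ and example_2() all $xx$ with $|x| \le 2$; raising the bound extends both, while computations that have not halted within the bound contribute nothing, exactly as non-halting computations provide no output.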



4 Computational Completeness 

We show that P systems with gemmation of mobile membranes and in/out com- 
munications are able to generate any recursively enumerable language. Moreover, 
as only mutation rules are used in the proof, there is no need of using multi- 
sets of strings. Hence, we will not indicate the multiplicity of the string, being 
understood that it is always equal to one. 

In the proof we need the notion of a matrix grammar with appearance checking;
such a grammar is a construct $G = (N, T, S, M, F)$, where N, T are disjoint
alphabets of nonterminal and terminal symbols, $S \in N$ is the axiom, M is
a finite set of matrices, which are sequences of context-free rules of the form
$(A_1 \to x_1, \dots, A_n \to x_n)$, $n \ge 1$ (with $A_i \in N$, $x_i \in (N \cup T)^*$, in all cases),
and F is a set of occurrences of rules in M.

For $w, z \in (N \cup T)^*$ we write $w \Rightarrow z$ if there are a matrix $(A_1 \to x_1, \dots, A_n \to x_n)$
in M and strings $w_i \in (N \cup T)^*$, $1 \le i \le n + 1$, such that $w = w_1$, $z = w_{n+1}$,
and, for all $1 \le i \le n$, either $w_i = w'_i A_i w''_i$, $w_{i+1} = w'_i x_i w''_i$, for some
$w'_i, w''_i \in (N \cup T)^*$, or $w_i = w_{i+1}$, $A_i$ does not appear in $w_i$, and the rule $A_i \to x_i$
appears in F. (The rules of a matrix are applied in order, possibly skipping the
rules in F if they cannot be applied; one says that these rules are applied
in the appearance checking mode.) The language generated by G is defined by
$L(G) = \{w \in T^* \mid S \Rightarrow^* w\}$. The family of languages of this form is denoted by
$MAT_{ac}$. When $F = \emptyset$ (hence we do not use the appearance checking feature),
the generated family is denoted by $MAT$.

A matrix grammar with appearance checking $G = (N, T, S, M, F)$ is said to be
in the binary normal form if $N = N_1 \cup N_2 \cup \{S, \dagger\}$ is the union of mutually
disjoint sets, and the matrices in M are of one of the following forms:

1. $(S \to XA)$ with $X \in N_1$, $A \in N_2$;

2. $(X \to Y, A \to x)$ with $X, Y \in N_1$, $A \in N_2$, $x \in (N_2 \cup T)^*$;

3. $(X \to Y, A \to \dagger)$ with $X, Y \in N_1$, $A \in N_2$;

4. $(X \to \lambda, A \to x)$ with $X \in N_1$, $A \in N_2$, $x \in T^*$.

Moreover, there exists only one matrix of type 1, F exactly consists of all rules
$A \to \dagger$ appearing in matrices of type 3, and $\dagger$ is a trap-symbol (once introduced,
it can never be removed). Finally, each matrix of type 4 is used only once, at
the last step of a derivation. According to Lemma 1.3.7 in [3], for each matrix
grammar there exists an equivalent one in the binary normal form.

We denote by CF and RE the families of context-free and recursively enumerable
languages. The following proper inclusions hold: $CF \subset MAT \subset MAT_{ac} = RE$.
Further details about matrix grammars can be found in [13] and [5]. Moreover,
in [5] it is shown that all one-letter languages in MAT are regular.

We denote by $GemP_n(MPri, (in/out))$ the family of languages generated by
gemmating P systems of degree n, for $n \ge 1$, with relation of meta-priority and
communications of type in/out. If the number of membranes is not limited, then
the subscript n is replaced by $*$.

Theorem 1. $GemP_*(MPri, (in/out)) = RE$.

Proof. The inclusion $GemP_*(MPri, (in/out)) \subseteq RE$ directly follows from the
Church-Turing thesis. So, we only have to prove the opposite inclusion; to this
aim, we make use of the equality $RE = MAT_{ac}$ and we consider a matrix
grammar with appearance checking $G = (N, T, S, M, F)$ in the binary normal
form previously described. Let p be the number of matrices of type 2 in G, q
the number of matrices of type 3 and r the number of matrices of type 4, with

We show how to construct a gemmating P system of degree $s = 2p + q + 2r + 3$
that generates the same language as G:

$\Pi_{(G,F)} = (V, T, \mu, M_0, M_1, M_{(2)_1}, M_{(2)_2}, \dots, M_{(p+1)_1}, M_{(p+1)_2}, M_{(p+2)_1}, \dots,$
$M_{(p+q+1)_1}, M_{(p+q+2)_1}, M_{(p+q+2)_2}, \dots, M_{(p+q+r+1)_1}, M_{(p+q+r+1)_2}, M_c,$
$C_0, (C_1, D_1), (C_{(2)_1}, D_{(2)_1}), \dots, (C_{(p+q+r+1)_2}, D_{(p+q+r+1)_2}), (C_c, D_c))$

with

$V = N_1 \cup N_2 \cup T \cup \{P, J, J', \dagger\}$

(we use the symbols of G plus four support-symbols P, J, J' and $\dagger$);

$\mu = [_0 [_1 ]_1 [_{(2)_1} ]_{(2)_1} [_{(2)_2} ]_{(2)_2} \dots [_{(p+1)_1} ]_{(p+1)_1} [_{(p+1)_2} ]_{(p+1)_2} [_{(p+2)_1} ]_{(p+2)_1}$
$\dots [_{(p+q+1)_1} ]_{(p+q+1)_1} [_{(p+q+2)_1} ]_{(p+q+2)_1} [_{(p+q+2)_2} ]_{(p+q+2)_2} \dots$
$[_{(p+q+r+1)_1} ]_{(p+q+r+1)_1} [_{(p+q+r+1)_2} ]_{(p+q+r+1)_2} [_c ]_c ]_0$

(membrane 1 simulates the matrix of type 1 in G, each couple of membranes
labelled with $(i)_1, (i)_2$, $2 \le i \le p + 1$, simulates a matrix of type
2 in G, each membrane labelled with $(j)_1$, $p + 2 \le j \le p + q + 1$, simulates
a matrix of type 3 in G, each couple of membranes labelled with
$(k)_1, (k)_2$, $p + q + 2 \le k \le p + q + r + 1$, simulates a matrix of type 4 in
G; we also use a control-membrane labelled with c);

$M_1 = \{XAP \mid S \to XA$ is the rule of the matrix of type 1$\}$, all other sets are
empty;

$C_0 = \{J \to (\lambda, in_1), J' \to (\lambda, in_c)\}$

(the skin membrane contains two classical rules, one for each support-symbol
J, J', which redirect the received strings to membrane 1 or to the
control-membrane);

$C_1 = \emptyset$ and $D_1 = \{P \to P@_{(i)_1}, P \to P@_{(j)_1}, P \to P@_{(k)_1}\}$
$\forall i = 2, \dots, p + 1$, $\forall j = p + 2, \dots, p + q + 1$, $\forall k = p + q + 2, \dots, p + q + r + 1$
(membrane 1 sends the current string to the first membrane $(i)_1$, $(k)_1$ of
any couple of membranes simulating matrices of type 2 and 4, or to any
of the single membranes $(j)_1$ simulating the matrices of type 3);

$\forall i = 2, \dots, p + 1$ we define:

$C_{(i)_1} = \emptyset$ and $D_{(i)_1} = \{X \to @_{(i)_2} Y\}$

(for each matrix of type 2, in the first membrane we simulate the first
rule of the matrix with one pre-dynamical rule),

$C_{(i)_2} = \{A \to (Jx, out)\}$ and $D_{(i)_2} = \emptyset$

(for each matrix of type 2, in the second membrane we simulate the
second rule of the matrix with one classical rule, which introduces the
support-symbol J in the string);

$\forall j = p + 2, \dots, p + q + 1$ we define:

$C_{(j)_1} = \{A \to A\}$ and $D_{(j)_1} = \{X \to @_1 Y\}$

(for each matrix of type 3, in a unique membrane we simulate the second
rule of the matrix by one classical evolution rule, and the first rule of
the matrix by one pre-dynamical rule);

$\forall k = p + q + 2, \dots, p + q + r + 1$ we define:

$C_{(k)_1} = \emptyset$ and $D_{(k)_1} = \{X \to @_{(k)_2}\}$

(for each matrix of type 4, in the first membrane we simulate the first
rule of the matrix with one pre-dynamical rule),

$C_{(k)_2} = \{A \to (J'x, out)\}$ and $D_{(k)_2} = \emptyset$

(for each matrix of type 4, in the second membrane we simulate the
second rule of the matrix with one classical rule. The support-symbol J'
is introduced in the string);

and finally

$C_c = \{B \to (\dagger, here), \dagger \to (\dagger, here)\}$ $\forall B \in N_1 \cup N_2$

(in the control-membrane we define a classical rule for each nonterminal
symbol in $N_1 \cup N_2$, and one classical mutation rule over $\dagger$ which causes
the non-termination of a computation),

$D_c = \{P \to \lambda@_0\}$

(this pre-dynamical rule erases the support-symbol P and sends the
string outside the system).
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The system works as follows: consider the string ZwP in membrane 1 with 
Z G Ni and w G {N 2 U T)*. Initially we have Z = X and w = A. 

We nondeterministically choose between any of the pre-dynamical rules de- 
fined in membrane 1, the string ZwP is so rewritten as ZwP@t, with t G 
{(*)ij (j)ij (^)i}- This string is sent to membrane (i)i, with 2 < i < p + 1, 
or {k)i, with p-|-( 7 -|- 2 <fc<p-|-( 7 -|-r-|-l,or (j)i, with p-|-2<j < p + q + 1, 
where we simulate the first rule of the matrices of type 2 and 4, or both rules of 
matrices of type 3, respectively. 

If the string ZwP enters a membrane (i)i, for any i = 2,...,p -|- 1, and 
Z = X, then we can apply the pre-dynamical rule X the rule of 

the corresponding matrix is correctly simulated and the string enters the second 
membrane («) 2 - On the contrary, if Z ^ X, then the rule cannot be applied and 
the computation halts, no string will be generated. In the first case, when the 
string YwP enters membrane ( 1 ) 2 , if the symbol A G w then we can apply the 
rule A — > (Jx,out). The string Yw\Jxw 2 P, with W\,W 2 G {N 2 U T)* such that 
w = w\Aw 2 , enters membrane 0 and then it returns to membrane 1 by means of 
the rule J — > (A,iui). Observe that the support-symbol J is immediately erased 
and it will never appear in any terminal string. From membrane 1 we can now 
start the simulation of another matrix. In membrane ( 1 ) 2 , if the symbol A ^ w, 
then the string will never exit the current membrane, the computation halts and 
no string will be generated. Thus, with two membranes we are able to simulate 
the productions of any matrix of type 2, and we can correctly do it. 

If the string ZwP enters a membrane (j)i, for any j = p + 2, . . . ,p + q + 1, 
and A G w, then the computation will never stop: the rule A^ A will be applied 
forever because of the meta-priority relation. No string will be generated, thus 
we correctly simulate the introduction of the symbol f in a production of G. On 
the contrary, if A^ w, then the classical rule A^ A cannot be applied and we 
pass to the pre-dynamical rule X — *■ @iF. \f Z = X then the string YwP will be 
sent to membrane 1, otherwise the rule cannot be applied and the computation 
stops. Thus we only need one membrane for every matrix in G whose rules are 
to be applied in the appearance checking mode. Observe that the order of the 
rules in the membrane is opposite to the order of the rules in the matrix, but 
this fact does not change the set of generated strings. 

Finally, if the string ZwP enters a membrane (k)_1, for any k = p + q + 2, 
…, p + q + r + 1, and Z = X, then we can apply the pre-dynamical rule 
X → λ@(k)_2: the rule of the corresponding matrix is correctly simulated and the string 
enters the second membrane (k)_2. If Z ≠ X, then the rule cannot be applied 
and the computation halts; no string will be generated. If the string wP enters 
membrane (k)_2 and if the symbol A ∉ w, then the string will never exit the 
current membrane, the computation halts and no string will be generated. On the 
contrary, if A ∈ w we can apply the rule A → (J'x, out): the string w_1J'xw_2P, 
with w_1, w_2 ∈ (N_2 ∪ T)* such that w = w_1Aw_2, enters membrane 0. As for 
matrices of type 2, we are therefore able to simulate the productions of any 
matrix of type 4 with two membranes, and we can do it in the correct order. 
When a string reaches a membrane labelled with (k)_2, for any k = p + q + 2, 
…, p + q + r + 1, the simulation of the matrices of G has to be ended. To 
this aim, we make use of the support-symbol J': in membrane 0 we define the 
rule J' → (λ, in_c) which will send the received string w_1xw_2P to membrane c. 
Again, the support-symbol J' is immediately erased and it will never appear 
in any terminal string. Inside the control-membrane we check that the string 
does not contain any nonterminal symbol: if it is so, then the string w_1xw_2 will 
exit the system by a final gemmation due to the rule P → λ@0. Otherwise, 
if w_1xw_2P contains a symbol B ∈ (N_1 ∪ N_2), then the classical rules B → U will 
introduce the trap symbol U that causes never halting computations. No string 
will be generated and, once more, we can correctly simulate any production in G. 

It follows that we exactly generate the strings of terminal symbols generated 
by G, that is L(Π_(G,F)) = L(G). □ 

We want to point out that, as seen in the proof, a unique membrane suffices 
for simulating each matrix of type 3, while we need two membranes and in/out 
communications for each matrix of type 2 and 4. The meta-priority relation and 
the gemmation of mobile membranes yield here an easy and immediate simulation 
of the appearance checking mode, unlike all other variants of P systems 
where this aspect of matrix grammars is harder to prove. 

We stress the fact that in/out communications are essential in order to get a 
correct simulation of matrices of type 2 and 4. In fact, let us consider the second 
rule A → x (with x ∈ (N_2 ∪ T)* or x ∈ T*) of such matrices and analyse the 
following cases: 

1. this rule could not be simulated using a pre-dynamical rule of the form 
A → x@1, because the symbol @1 can be introduced only at one end of 
the string but we do not know where the symbol A is placed in the current 
string; 

2. we could not use a single membrane and two rules of the form A → x, P → 
P@1 because the meta-priority forces the application of the classical rule to 
all occurrences of the symbol A in the string. Hence, the simulation of the 
corresponding matrix could not be correct. 

If we do not use in/out communications, it is possible to show that the family 
of languages MAT is properly included in the family of languages generated by 
gemmating P systems of degree 4. 

Theorem 2. GemP_4(MPri, n(in/out)) − MAT ≠ ∅. 

Proof. Consider the P system 

Π = (V, T, μ, M_0, …, M_3, C_0, (C_1, D_1), (C_2, D_2), (C_3, D_3), ∞) 

with components 

V = {A, A', B, a}; 
T = {a}; 
μ = [_0 [_1 ]_1 [_2 ]_2 [_3 ]_3 ]_0; 
M_1 = {AB}, all other sets are empty; 
C_0 = ∅; 



C_1 = {…}; D_1 = {B → B@2, B → B@3}; 
C_2 = {…}; D_2 = {B → B@1, B → B@3}; 
C_3 = {A → a, A' → a}; D_3 = {B → λ@0} 
(the rules of C_1 and C_2 are illegible in the scanned text). 





The system works as follows: in membrane 1 and 2 we duplicate the number 
of the symbols A and A', respectively, and we generate strings of the form 
(A')^{2^n} B or A^{2^n} B, ∀n ≥ 1. When the current string is sent to membrane 3, each 
nonterminal symbol A or A' becomes a terminal symbol a, while the support- 
symbol B is erased and the string leaves the system. Thus we generate the 
language L(Π) = {a^{2^n} | n ≥ 1}, which is a non regular language over a one-letter 
alphabet. 

It follows that MAT ⊂ GemP_4(MPri, n(in/out)). □ 



5 Solving the HPP in Quadratic Time 

Consider a directed graph γ = (N, A) where N is a finite set of n vertices, 
identified with the numbers 1, 2, …, n, and A is a set of ordered pairs of vertices 
(v_i, v_j), for i, j ∈ {1, …, n}. The Hamiltonian Path Problem (in short HPP) 
for γ asks whether or not there exists a path from a given initial vertex v_1 to 
a final vertex v_n which passes exactly once through each and every vertex of the 
graph ([4]). We write r_i for the outdegree of the vertex v_i, ∀i ∈ {1, …, n}, and 
we ignore useless arcs of the form (v_i, v_i), so r_i will be at most equal to n − 1. 

We show how to construct a P system with gemmation of mobile membranes, 
with rules similar to those used in [2] , which actually finds all Hamiltonian paths 
in a given graph and not only their existence (if any). The computation halts 
for all inputs and the problem is solved at most in a quadratic time with respect 
to the number of vertices. 

Theorem 3. The HPP can be solved by P systems with gemmation of mobile 
membranes in a quadratic time with respect to the number of vertices. 

Proof. We define a gemmating P system of degree n + 1 associated with γ 

Π_HPP = (V, T, μ, M_0, …, M_n, C_0, (C_1, D_1), …, (C_n, D_n), ∞) 

with the following components: 

V = {(i,k), [i,k], (i,k; j_1, …, j_{r_i}), # | 1 ≤ i ≤ n, 0 ≤ k ≤ n − 1 and j_1, …, j_{r_i} 
are labels in {1, …, n} such that (v_i, v_{j_h}) ∈ A, ∀h = 1, …, r_i}, where 
i is the label of the vertex v_i, r_i is the outdegree of the vertex v_i, 
while k is used to count the steps of computation; 

T = {[i,k] | 1 ≤ i ≤ n, 0 ≤ k ≤ n − 1}; 

μ = [_0 [_1 ]_1 [_2 ]_2 ⋯ [_{n−1} ]_{n−1} [_n ]_n ]_0, that is, we define an inner membrane i 
for each vertex v_i in N; 

M_1 = {((1,0), 1)}, all other multisets are empty; 

C_0 = ∅, 

and with the following sets of rules which, starting from the object (1,0) in 
membrane 1 and by repeatedly using replication rules in the inner membranes, 
create all the strings that correspond to paths in γ: 

C_1: (1,k) → (#; here) ∀k = 1, …, n − 1 

(in membrane 1 if a string contains the symbol (1,k) for k ≠ 0, then 
it codifies a wrong path because it surely visited the current membrane 
twice. We stop such strings by the introduction of the symbol #); 

D_1: (1,0) → ([1,0](j_1,1)@j_1; here) if r_1 = 1 

(if there is a single arc from vertex v_1 to vertex v_{j_1}, then the nonterminal 
symbol (1,0) is rewritten as the corresponding terminal symbol 
[1,0], and the string is prolonged by adding (j_1,1), which denotes the 
label of the membrane to be visited and the next step in the path); 

(1,0) → ([1,0](j_1,1)@j_1 || [1,0](j_2,1)@j_2; here, here) if r_1 = 2 

(if there are two arcs exiting from vertex v_1, then we replicate the initial 
object into two strings at the same step); 

(1,0) → ([1,0](j_1,1)@j_1 || (1,0; j_2, …, j_{r_1}); here, here) if r_1 > 2 

(if there are more than two arcs exiting vertex v_1, then we use a 
replication rule to prolong one string and to memorize all the other 
vertex-labels in the nonterminal symbol (1,0; j_2, …, j_{r_1})); 

(1,0; j_h, …, j_{r_1}) → ([1,0](j_h,1)@j_h || (1,0; j_{h+1}, …, j_{r_1}); here, here) 
∀h = 2, …, r_1 − 2 

(if there are more than two memorized vertices, then in a step we prolong 
only one of them, while keeping memorized all the others); 

(1,0; j_{r_1−1}, j_{r_1}) → ([1,0](j_{r_1−1},1)@j_{r_1−1} || [1,0](j_{r_1},1)@j_{r_1}; here, here) 

(if there are exactly two memorized vertices, then we replicate the single 
object into a new couple of strings in a single step); 

C_i, ∀i = 2, …, n − 1, consists of: 

[i,k] → (# : #; here, out) ∀k = 1, …, n − 2 

(if a string containing the symbol [i,k] enters membrane i, then such 
string must be stopped because it codifies a wrong path and we break it 
into two substrings by a splitting rule); 

D_i, ∀i = 2, …, n − 1, consists of rules analogous to those defined for the 
set D_1 (here the range of the step counter is 1 ≤ k ≤ n − 2 for all rules): 

(i,k) → ([i,k](j_1,k+1)@j_1; here) if r_i = 1; 

(i,k) → ([i,k](j_1,k+1)@j_1 || [i,k](j_2,k+1)@j_2; here, here) if r_i = 2; 

(i,k) → ([i,k](j_1,k+1)@j_1 || (i,k; j_2, …, j_{r_i}); here, here) if r_i > 2; 

(i,k; j_h, …, j_{r_i}) → ([i,k](j_h,k+1)@j_h || (i,k; j_{h+1}, …, j_{r_i}); here, here) 
∀h = 2, …, r_i − 2; 

(i,k; j_{r_i−1}, j_{r_i}) → ([i,k](j_{r_i−1},k+1)@j_{r_i−1} || [i,k](j_{r_i},k+1)@j_{r_i}; here, here); 

C_n: (n,k) → (#; here) ∀k = 1, …, n − 2 

(in membrane n, if k ≠ n − 1 we introduce the symbol # to stop every 
string containing the symbol (n,k), which codifies a wrong path); 

D_n: (n, n−1) → ([n,n−1]@0; here) 

(if a string reaches membrane n and if it contains the symbol (n, n−1), 
then it surely codifies a correct path and it can leave the system). 

The computation starts in membrane 1 from the unique object (1,0): we start 
from vertex v_1 at the step 0 and, by repeatedly using pre-dynamical replication 
rules, we prolong all the strings which correspond to paths in γ. The paths can 
be correctly continued if either no vertex label is repeated in the string or we 
reach membrane n (that is, the final vertex in γ) at the step n − 1. 

The special symbol # is thus needed in order to break and stop every wrong 
Hamiltonian path. # is introduced in membranes 1 and n by classical rules, which 
have meta-priority above all other rules defined inside the membrane, so we can 
assure that no wrong path will be prolonged in the system. 

Observe that, to this aim, we could not use a similar mutation rule in membranes 
2, …, n − 1; in fact if a string containing the symbol [i,k] enters membrane i, 
then it will certainly be of the form [1,0]x_1[i,k]x_2(i,k'), where k' > k, x_1 is 
a (possibly empty) string over {[j,k]}, and x_2 is a non-empty string over {[j,k]}, 
for j ∈ {2, …, n − 1}, j ≠ i. If we used the rule [i,k] → (#; here) then the 
last symbol (i,k') would cause the continuation of the path and we would finally 
have a wrong output. We choose not to use the similar rule [i,k] → (#; out) 
because we try to simulate the direct transport through a membrane only for 
those objects which do not have "too long" length. So we break any wrong string 
by a splitting rule and then we send to the skin membrane the second halves of 
such strings, which would otherwise be processed again. As the first half of any 
wrong string is not dangerous at all, we can decide either to send it out or to keep 
it inside the current membrane. 

We continue in this way only those paths that pass exactly one time through each 
and every membrane, the computation always stops and we send every Hamil- 
tonian path (if existing) outside the system by a mobile membrane gemmated 
from membrane n. 

Let’s now compute the maximum number of steps until a computation halts. 
We suppose that the outdegree of each vertex is equal to n − 1. In membrane 1 
all the possible continuations of the starting string are generated and sent to the 
destination membrane step by step, hence the worst complexity case corresponds 
to the last generated strings, which take n − 2 steps to be ready to leave the 
membrane. With two more steps (gemmation and fusion phases) such strings are 
communicated to any membrane i, for i = 2, …, n − 1, where again other n − 2 
steps (plus two communication steps) are needed for the local last generated 
strings to reach their destination membranes. So it takes n² − n steps until the 
last generated strings reach membrane n. Here after three more steps (evolution, 
gemmation, fusion) the strings codifying Hamiltonian paths (if any) will be sent 
out of the system. Hence, in total we perform at most n² − n + 3 steps before 
the system stops its computation. 



The exact number of steps is given by the formula 




l) + 2) 



+ 3, 



when ri < n — 1. 



□ 



Note that, in particular, if the maximum outdegree of each vertex of the 
graph is bounded by 2, then the computation always halts after 3n steps. The 
quadratic time would collapse to linear time also if parallel replication rules 
were used, as introduced in [6]. In this case, in fact, we could prolong all the 
paths from each vertex in a single step, then in two more communication steps 
(gemmation and fusion of the mobile membranes) the strings would be sent to 
the target membranes. It follows that we would only need 3n steps to prolong 
and output all the Hamiltonian paths in the graph. 
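As an added illustration (not part of the paper), the following Python simulation plays out the construction of Theorem 3 on small graphs: it applies the C_i/D_i rules step by step, models each gemmation and fusion as two steps and [n,n−1]@0 as the string leaving the system, and reports the Hamiltonian paths found together with the halting step, so that the n² − n + 3 bound for outdegree n − 1 and the 3n figure for outdegree at most 2 can be checked. The successor order j_1 < ⋯ < j_{r_i} is an assumption of the example, not something the paper fixes.

```python
# Added example (not from the paper): a step-level simulation of the string-generating
# strategy of Pi_HPP from Section 5. Each inner membrane i holds the strings currently
# in it; a string is (path, head), where path is the tuple of terminals [i,k] already
# emitted and head is the single nonterminal driving it. Gemmation + fusion of a mobile
# membrane is modelled as a two-step delay, and [n,n-1]@0 as the string leaving the system.
# Assumed: the labels j_1 < ... < j_{r_i} of D_i are taken in increasing order.

TRAP = ("trap",)   # head marking a string stopped by the special symbol #


def successors(n, arcs):
    """Outgoing labels j_1 < ... < j_{r_i} of every vertex i; useless arcs (i,i) ignored."""
    succ = {i: set() for i in range(1, n + 1)}
    for a, b in arcs:
        if a != b:
            succ[a].add(b)
    return {i: sorted(js) for i, js in succ.items()}


def complete_graph(n):
    """All arcs (i,j) with i != j, so every outdegree r_i equals n - 1 (the worst case)."""
    return [(i, j) for i in range(1, n + 1) for j in range(1, n + 1) if i != j]


def prolong(path, i, k, j):
    """(i,k) -> [i,k](j,k+1)@j : emit terminal [i,k], new head (j,k+1), gemmate towards j."""
    return j, (path + ((i, k),), ("nt", j, k + 1))


def evolve(i, path, head, n, succ):
    """Apply the rules of membrane i to one string.

    Returns None if no rule applies, else a list of (target, string): target None keeps
    the string in membrane i, target 0 sends it out of the system, any other target is
    the membrane reached after gemmation and fusion. Classical rules (C_i) are tried
    first, reflecting their meta-priority over the pre-dynamical ones (D_i).
    """
    if head == TRAP:
        return None
    kind, k = head[0], head[2]
    if i == 1 and kind == "nt" and k >= 1:                  # C_1: vertex 1 visited twice
        return [(None, (path, TRAP))]
    if 2 <= i <= n - 1 and any(t[0] == i for t in path):   # C_i: splitting rule, stop
        return [(None, (path, TRAP))]
    if i == n:                                               # C_n / D_n
        if k != n - 1:
            return [(None, (path, TRAP))]
        return [(0, (path + ((n, k),), None))]               # [n,n-1]@0: a Hamiltonian path
    js = succ[i] if kind == "nt" else list(head[3])          # D_i, or memorised (i,k; j_h..)
    if len(js) == 0:
        return None                                          # dead end: nothing prolongs it
    if len(js) <= 2:
        return [prolong(path, i, k, j) for j in js]          # r_i = 1 or 2, or last two labels
    return [prolong(path, i, k, js[0]), (None, (path, ("mem", i, k, tuple(js[1:]))))]


def simulate(n, arcs):
    """Run Pi_HPP on gamma = ({1..n}, arcs); return (sorted Hamiltonian paths, halting step)."""
    succ = successors(n, arcs)
    membranes = {i: [] for i in range(1, n + 1)}
    membranes[1].append(((), ("nt", 1, 0)))                 # M_1 = {(1,0)}
    transit, outputs = [], []                                # transit: (arrival step, target, s)
    step = last_action = 0
    while True:
        step += 1
        acted = False
        arriving = [x for x in transit if x[0] == step]
        transit = [x for x in transit if x[0] != step]
        for i in range(1, n + 1):                           # evolution, maximally parallel
            staying = []
            for path, head in membranes[i]:
                results = evolve(i, path, head, n, succ)
                if results is None:
                    staying.append((path, head))
                    continue
                acted = True
                for target, s in results:
                    if target is None:
                        staying.append(s)
                    else:                                    # gemmation now, fusion at step + 2
                        transit.append((step + 2, target, s))
            membranes[i] = staying
        for _, target, s in arriving:                        # fusion: resident only from now on
            acted = True
            (outputs if target == 0 else membranes[target]).append(s)
        if acted:
            last_action = step
        if not acted and not transit:
            break
    paths = sorted(tuple(v for v, _ in p) for p, _ in outputs)
    return paths, last_action
```

On the complete graph with 4 vertices the simulation halts at step 15 = 4² − 4 + 3, while the chain 1→2→3→4 (every outdegree 1) halts at 12 = 3·4.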



6 Final Remarks 

We have introduced a new kind of communication for P systems and worked 
with membrane structures and evolution rules of biological inspiration, keeping 
the model as close as possible to the real structure of cells, in order to make 
an implementation of the model easier. We have proved that P systems with 
such features characterize the recursively enumerable languages and they can 
solve the Hamiltonian Path Problem in a quadratic time. We close the paper 
with three topics for further research. 

As no priority is defined between classical evolution rules, we could think 
about a parallel application of all applicable rules over the same string, as in 
Lindenmayer systems ([13]). The generative power of this variant is still to be 
analyzed. 

The second problem concerns the fact that, for the moment, no pre-dynamical 
rule can be defined in the skin membrane: up to now P systems have been 
"isolated" structures and no rules have ever been defined for letting an object 
enter the skin membrane from outside. Moreover, no object can be ejected 
from the system by mobile membranes gemmated from the skin membrane: the 
mobile membrane could never reach any other P system and the objects would 
remain forever inside it (no language would be generated in this way). Hence, it 
would be interesting to define either an external environment for P systems, or 
colonies of P systems (of depth 2) which can communicate by mobile membranes 
or by getting the objects from outside with a new kind of evolution rules. We 
remark here again that the goal is to keep the model as realistic as possible, 
hence it is different to think about a colony of P systems of depth 2 (which 
stands as a formal model for a real multi-cellular tissue), or about a unique 
system with a big skin membrane enclosing inner P systems of any depth (which 
has no realistic counterpart). 

Finally, we have seen that P systems which use gemmation of mobile mem- 
branes and no in/out communications can generate at least all languages in 
MAT, but it is still an open problem knowing if the family of generated lan- 
guages can ever be enlarged using this new communication feature only. 
Abstract. Over the past few years, the focus of robotic design has been 
moving from a scenario where few, specialized (and expensive) units were 
used to solve a variety of tasks, to a scenario where many, general purpose 
(and cheap) units were used to achieve some common goal. Consequently, 
part of the focus has been to better understand how to efficiently coor- 
dinate and control a set of such “simpler” mobile units. Studies can be 
found in different disciplines, from engineering to artificial life: a shared 
feature of the majority of these studies has been the design of algorithms 
based on heuristics, without mainly being concerned with correctness 
and termination of such algorithms. Few studies have focused on trying 
to formally model an environment constituted by mobile units, study- 
ing which kind of capabilities they must have in order to achieve their 
goals; in other words, to study the problem from a computational point 
of view. This paper focuses on two of these studies [1,6,14] (the only 
ones, to our knowledge, that analyze the problem of coordinating and 
controlling a set of autonomous, mobile units from this point of view). 
First, their main features are described. Then, the main differences are 
highlighted, showing the relationship between the class of problems solv- 
able in the two models. 

Keywords: Mobile Robots, Distributed Coordination, Distributed Mod- 
els, Computability. 



1 Introduction 

In a system consisting of a set of totally distributed agents the goal is generally 
to exploit the multiplicity of the elements in the system so that the execution of 
a certain number of predetermined tasks occurs in a coordinated and distributed 
way. Such a system is preferable to one made up of just one powerful robot for 
several reasons: the advantages that can arise from a distributed and parallel 
solution to the given problems, such as a faster computation; the ability to 
perform tasks which are unable to be executed by a single agent; increased fault 
tolerance; and, the decreased cost through simpler individual robot design. On 
the other hand, the main concern in such a system is to find an efficient way to 
coordinate and control the mobile units, in order to exploit to the utmost the 
presence of many elements moving independently. 

Several studies have been conducted in recent years in different fields. In 
the engineering area we can cite the Cellular Robotic System (CEBOT) of 
Kawaguchi et al. [9], the Swarm Intelligence of Beni et al. [3], and the Self- 
Assembly Machine (“fructum”) of Murata et al. [11]. In the AI community there 
has been a number of remarkable studies: social interaction leading to group be- 
havior by Mataric [10]; selfish behavior of cooperative robots in animal societies 
by Parker [12]; and primitive animal behavior in pattern formation by Balch and 
Arkin [2]. 

The shared feature of all these approaches is that they do not deal with 
formal correctness and they are only analyzed empirically. Algorithmic aspects 
were somehow implicitly an issue, but clearly not a major concern - let alone 
the focus - of the study. 

A different approach is to analyze an environment populated by a set of au- 
tonomous, mobile robots, aiming to identify the algorithmic limitations of what 
they can do. In other words, the approach is to study the problem from a compu- 
tational point of view. This paper deals with two studies leading in this direction 
(the only ones, to our knowledge, that analyze the problem of coordinating and 
controlling a set of autonomous, mobile units from this point of view). The first 
study is by Suzuki et al. [1,13,14]. It gives a nice and systematic account on the 
algorithmics of pattern formation for robots, operating under several assump- 
tions on the power of the individual robot. The second is by Flocchini et al. [6,8]: 
they present a model (that we will refer to as CORDA - Coordination and con- 
trol of a set of Robots in a totally Distributed and Asynchronous environment), 
that has as its primary objective to describe a set of simple mobile units, which 
have no central control, hence move independently from each other, which are 
totally asynchronous, and which execute the same deterministic algorithm in 
order to achieve some goal. In both studies, the modeled robots are rather weak 
and simple, but this simplicity allows us to formally highlight by an algorithmic 
and computational viewpoint the minimal capabilities they must have in order 
to accomplish basic tasks and produce interesting interactions. Furthermore, it 
allows us to better understand the power and limitations of the distributed con- 
trol in an environment inhabited by mobile agents, hence to formally prove what 
can be achieved under the “weakness” assumptions of the models, that will be 
described later in more detail (see [7] for more detailed motivations). 

An investigation with an algorithmic flavor has been undertaken within the 
AI community by Durfee [5], who argues in favor of limiting the knowledge that 
an intelligent robot must possess in order to be able to coordinate its behavior 
with others. 

Although the model of Suzuki et al. (which we will refer to as SYm) and 
CORDA share some features, they differ in some aspects that render the two 
models quite different. In this paper we highlight these differences, focusing in 
particular on the different approach in modeling the asynchronicity of the envi- 
ronment in which the robots operate, and showing that the algorithms designed 
on SYm do not work in general on CORDA. 

In Section 2.1, SYm and CORDA are described, highlighting the features that 
render the two models different. In Section 3, we show that the class of problems 
solvable in CORDA is strictly contained in the class of problems solvable in SYm. 
In Section 4, we present a case study: we analyze the oblivious gathering problem, 
showing that the algorithmic solutions designed for SYm do not work in CORDA. 
Finally, in Section 5 we draw some conclusions and present open problems and 
suggestions for further study. 



2 Modeling Autonomous Mobile Robots 

In this section we present the approaches used in SYm and CORDA to model the 
control and coordination of a set of autonomous mobile robots. In particular, we 
first present the common features in the two models, and successively present in 
detail the instantaneous action of SYm, and the full asynchronicity of CORDA, 
that model the interactions between the robots. 

2.1 Common Features 

The two models discussed in this paper share some basic features. The robots are 
modeled as units with computational capabilities, which are able to freely move 
in the plane. They are viewed as points, and they are equipped with sensors 
that let them observe the positions of the other robots in the plane. Depending 
on whether they can observe all the plane or just a portion of it, two different 
models can arise: Unlimited and Limited Visibility model (each robot can see 
only whatever is at most at distance V from it). The robots are anonymous, 
meaning that they are a priori indistinguishable by their appearances, and they 
do not have any kind of identifiers that can be used during the computation. 
They are asynchronous and no central control is allowed. Each robot has its 
own local view of the world. This view includes a local Cartesian coordinate 
system with origin, unit of length, and the directions of two coordinate axes, 
identified as x axis and y axis, together with their orientations, identified as the 
positive and negative sides of the axes. The robots do not necessarily share the 
same x-y coordinate system, and do not necessarily agree on the location of 
the origin (that we can assume, without loss of generality, to be placed in the 
current position of the robot), or on the unit distance. They execute, however, 
the same deterministic algorithm, which takes in input the positions of the robots 
in the plane observed at a time instant t, and returns a destination point towards 
which the executing robot moves. The algorithm is oblivious if the new position 
is determined only from the positions of the others at t, and not on the positions 
observed in the past¹; otherwise, it is called non oblivious. Moreover, there are no 
explicit means of communication: the communication occurs in a totally implicit 
manner. Specifically, it happens by means of observing the change of robots’ 
positions in the plane while they execute the algorithm. 

¹ We also refer to the robots as oblivious because of this feature of the algorithms they 
execute. 

Clearly, these basic features render the modeled robots simple and rather 
“weak”, especially considering the current engineering technology. But, as al- 
ready noted, the main interest in the studies done in [6,14], is to approach the 
problem of coordinating and controlling a set of mobile units from a computa- 
tional point of view. The robots are modeled as “weak robots” because in this 
way it is possible to formally analyze the strengths and weaknesses of the dis- 
tributed control. Furthermore, this simplicity can also lead to some advantages. 
For example, avoiding the ability to remember what has been computed in the 
past gives the system the nice property of self-stabilization [7,14]. 

During its life, each robot cyclically is in three states: (i) it observes the 
positions of the others in the world, (ii) it computes its next destination point, 
and (iii) it moves towards the point it just computed. As already stated, the 
robots execute these phases asynchronously, without any central control: in this 
feature the two models drastically differ. In fact, in SYm states (i) to (iii) 
are executed atomically (instantaneously), while this assumption is dropped in 
CORDA. In the following we better describe how the asynchronicity is approached 
in the two models. 

2.2 The Instantaneous Actions of SYm 

In this section we better describe how the movement of the robots is modeled in 
SYm [1,14]. The authors assume discrete time 0, 1,2,.. .. At each time instant t, 
every robot is either active or inactive. At least one robot is active at every 
time instant, and every robot becomes active at infinitely many unpredictable 
time instants. A special case is when every robot is active at every time instant; 
in this case the robots are synchronized, but this case is not interesting for the 
purpose of this paper. 

Let p_i(t) indicate the position of robot r_i at time instant t, and ψ the algorithm 
every robot uses. Since the robots are viewed as points, in SYm it is 
assumed that two robots can occupy the same position simultaneously and never 
collide. ψ is a function that, given the positions of the robots at time t (or, in the 
non oblivious case, all the positions the robots have occupied since the beginning 
of the computation²), returns a new destination point p. For any t ≥ 0, if r_i is 
inactive, then p_i(t + 1) = p_i(t); otherwise p_i(t + 1) = p, where p is the point 
returned by ψ. The maximum distance that r_i can move in one step is bounded 
by a distance ε_i > 0 (this implies that every robot is then capable of traveling 
at least a distance ε = min{ε_1, …, ε_n} > 0). The reason for such a constant is 
to simulate a continuous monitoring of the world by the robots. 

Thus, r_i executes the three states (i)-(iii) instantaneously, in the sense that 
a robot that is active and observes at t, has already reached its destination 
point p at t + 1. Therefore, a robot takes a certain amount of time to move 
(the time elapsed between t and t + 1), but no fellow robot can see it while it is 
moving (or, alternatively, the movement is instantaneous). 

² Note that the non obliviousness feature does not imply the possibility for a robot 
to find out which robot corresponds to which position it stored, since the robots are 
anonymous. 

2.3 The Full Asynchronicity of CORDA 

Similarly to SYm, each robot repeatedly executes four states. A robot is initially 
in a waiting state (Wait); at any point in time, asynchronously and independently 
from the other robots, it observes the environment in its area of visibility (Look), 
it calculates its destination point based only on the current locations of the 
observed robots (Compute), it then moves towards that point (Move) and goes 
back to a waiting state. The states are described more formally in the following. 

1. Wait The robot is idle. A robot cannot stay infinitely idle. 

2. Look The robot observes the world by activating its sensors which will return 
a snapshot of the positions of all other robots with respect to its local 
coordinate system. Each robot r is viewed as a point, and therefore its position 
in the plane is given by its coordinates. In addition, the robot cannot 
in general detect whether there is more than one fellow robot on any of the 
observed points, included the position where the observing robot is. We say 
it cannot detect multiplicity. If, on the other hand, a robot can recognize 
that there is more than one fellow on the position where it is, we say that 
it can detect a weak multiplicity. 

3. Compute The robot performs a local computation according to its deterministic 
algorithm. The result of the computation can be a destination point or 
a null movement (i.e., the robot decides to not move). 

4. Move If the result of the computation was a null movement, the robot does 
not move; otherwise it moves towards the point computed in the previous 
state. The robot moves towards the computed destination of an unpredictable 
amount of space, which is assumed neither infinite, nor infinitesimally 
small (see Assumption A2 below). Hence, the robot can only go towards 
its goal, but it cannot know how far it will go in the current cycle, 
because it can stop anytime during its movement³. 

A computational cycle is defined as the sequence of the Wait- Look- Compute- 
Move states; the “life” of a robot is then a sequence of computational cycles. 

In addition, we have the following assumptions on the behavior of a robot: 

A1 (Computational Cycle) The amount of time required by a robot r to complete 
a computational cycle is not infinite, nor infinitesimally small. 
A2 (Distance) The distance traveled by a robot r in a Move is not infinite. 
Furthermore, it is not infinitesimally small: there exists an arbitrarily small 
constant δ_r > 0, such that if the result of the computation is not a null 
movement and the destination point is closer than δ_r, r will reach it; otherwise, 
r will move towards it of at least δ_r. In the following, we shall use 
δ = min_r δ_r. 

³ That is, a robot can stop before reaching its destination point, e.g. because of limits 
to the robot’s motorial autonomy. 

Therefore, in CORDA there is no assumption on the maximum distance 
a robot can travel before observing again (apart from the bound given from the 
destination point that has to be reached), while in SYm an active robot always 
travels at most a distance ε_i in each step. The only assumption in CORDA is 
that there is a lower bound on such distance: when a robot r moves, it moves at 
least some positive, small constant δ_r. The reason for this constant is to better 
model reality: it is not realistic to allow the robots to move an infinitesimally 
small distance. 

The main difference between the two models is, as stated before, in the way 
the asynchronicity is regarded. In CORDA the environment is fully asynchronous, 
in the sense that there is no common notion of time, and a robot observes the 
environment at unpredictable time instants. Moreover, no assumptions on the 
cycle time of each robot, and on the time each robot elapses to execute each 
state of a given cycle are made. It is only assumed that each cycle is completed 
in finite time, and that the distance traveled in a cycle is finite. Thus, each 
robot can take its own time to compute, or to move towards some point in the 
plane: in this way, it is possible to model different computational and motorial 
speeds of the units. Moreover, every robot can be seen while it is moving by 
other robots that are observing. This feature renders more difficult the design of 
an algorithm to control and coordinate the robots. For example, when a robot 
starts a Move state, it is possible that the movement it will perform will not be 
“coherent” with what it observed, since, during the Compute state, other robots 
can have moved. 



3 Instantaneous Action vs. Full Asynchronicity 

In this section, we highlight the relationship between the two models. In particular, we first show that any algorithm designed in CORDA to solve some problem $\mathcal{P}$ can be used in SYm to let the robots accomplish the task defined by $\mathcal{P}$. The converse is not true. In fact, we will give strong evidence that the differences pointed out in the previous sections, in particular the way in which asynchrony is modeled, render the two models really different, both in the oblivious and in the non oblivious case, and that the algorithms designed in SYm do not work in CORDA.

Let us first introduce the definition of a valid activation schedule for an 
algorithm in CORDA. 

Definition 1. Given an algorithm $A$, an activation schedule for $A$ in CORDA is defined as a function $\mathcal{F}(t) = \langle W(t), L(t), C(t), M(t) \rangle$, where $W(t)$ is a set of pairs $(r, t')$, such that

1. $r$ is a robot that is in the Wait state at time $t$,

2. $t' > t$, and

3. in $W(t)$ there is at most one pair per each robot in the system

($L(t)$, $C(t)$, and $M(t)$ are defined similarly for the Look, Compute, and Move states, respectively).

Definition 2. An activation schedule is valid, if the following conditions hold: (i) $(r, t') \in W(t) \Rightarrow \forall\, t'' \colon t \le t'' \le t',\ (r, t') \in W(t'')$ (a similar condition applies also for $L(t)$, $C(t)$, and $M(t)$); (ii) for all $t$, $W(t)$, $L(t)$, $C(t)$, and $M(t)$ constitute a partition of all the robots in the system.

An algorithm $A$ correctly solves a problem $\mathcal{P}$ in CORDA, if, given any valid activation schedule for $A$, the robots accomplish the task defined by $\mathcal{P}$ in a finite number of cycles. Let us denote by $\mathcal{C}$ and $\mathcal{S}$ the classes of problems that are solvable in CORDA and SYm, respectively. We are now ready to show that SYm is at least as powerful as CORDA, that is $\mathcal{C} \subseteq \mathcal{S}$.

Theorem 1. Any algorithm that correctly solves a problem $\mathcal{P}$ in CORDA, correctly solves $\mathcal{P}$ also in SYm.

Proof. Let $A$ be an algorithm that solves a given problem $\mathcal{P}$ in CORDA. In order to prove that $A$ solves $\mathcal{P}$ also in SYm, we show that any execution of $A$ in SYm corresponds to a valid activation schedule in CORDA. Hence, since by hypothesis $A$ correctly solves $\mathcal{P}$ in CORDA, the theorem follows.

Let us execute $A$ in SYm, and let $\mathcal{E}(t)$ be the set of robots that are active at time $t$. Therefore, all the robots in $\mathcal{E}(t)$ finish executing their cycle at time $t+1$. The activation schedule $\mathcal{F}(\bar t)$, for all $t \le \bar t \le t+1$, in CORDA for $A$ corresponding to the portion of the execution of $A$ in SYm starting at time $t$ and ending at time $t+1$, is defined as follows (see Figure 1). Fix three instants $t < t_1 < t_2 < t_3 < t+1$. If $r \in \mathcal{E}(t)$, then for all $t \le \bar t \le t_1$, $(r, t_1) \in L(\bar t)$; for all $t_1 \le \bar t \le t_2$, $(r, t_2) \in C(\bar t)$; for all $t_2 \le \bar t \le t_3$, $(r, t_3) \in M(\bar t)$; and for all $t_3 \le \bar t \le t+1$, $(r, t+1) \in W(\bar t)$. Otherwise, for all $t \le \bar t \le t+1$, $(r, t+1) \in W(\bar t)$. In other words, all the robots in $\mathcal{E}(t)$ start their Look state, while all the others are in Wait. Moreover, all these robots execute their three states perfectly synchronized, so that they start their next cycle all together. Inductively, $\mathcal{F}(\bar t)$, for all $t+1 \le \bar t \le t+2$, corresponding to the next cycle (from time $t+1$ to $t+2$) of the execution of $A$ in SYm is constructed.

Therefore, any execution of $A$ in SYm corresponds to a valid activation schedule for $A$ in CORDA. Since by hypothesis $A$ correctly solves $\mathcal{P}$ in CORDA, the robots will correctly accomplish their task in SYm, and the theorem follows.



Corollary 1. Any problem that can be solved in CORDA, can be solved in SYm; hence $\mathcal{C} \subseteq \mathcal{S}$.
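Definitions 1 and 2 and the construction in the proof of Theorem 1 can be made concrete in code. The following is an added example, not code from the paper: an activation schedule is represented, for each robot, as a list of (state, start, end) intervals, meaning that the pair (r, end) belongs to the set of that state for every start ≤ t < end (the half-open convention, the split points t1 < t2 < t3 for the Look, Compute and Move states, and the robot names are assumptions of the example). `schedule_from_sym` is the mapping of Theorem 1 from a SYm execution, given as the set of active robots in each round, to a CORDA schedule; `valid_schedule` checks Definition 2 together with the Wait-Look-Compute-Move order of the states of a cycle.

```python
# Added example, not code from the paper: activation schedules (Definitions 1-2)
# as per-robot state intervals, and the SYm-to-CORDA construction of Theorem 1.
# Convention assumed here: the interval (state, a, b) means that the pair (r, b)
# belongs to the set of that state for every a <= t < b.
CYCLE = ("Wait", "Look", "Compute", "Move")   # order of the states within a cycle


def schedule_from_sym(robots, active_rounds, t1=0.25, t2=0.5, t3=0.75):
    """Theorem 1: round k of a SYm execution (time k to k+1) becomes, for each
    robot active in that round, Look on [k, k+t1), Compute on [k+t1, k+t2),
    Move on [k+t2, k+t3) and Wait on [k+t3, k+1); every other robot waits for
    the whole round. The split points 0 < t1 < t2 < t3 < 1 are arbitrary."""
    assert 0 < t1 < t2 < t3 < 1
    schedule = {r: [] for r in robots}
    for k, active in enumerate(active_rounds):
        for r in robots:
            if r in active:
                schedule[r] += [("Look", k, k + t1), ("Compute", k + t1, k + t2),
                                ("Move", k + t2, k + t3), ("Wait", k + t3, k + 1)]
            else:
                schedule[r].append(("Wait", k, k + 1))
    return schedule


def valid_schedule(schedule, horizon):
    """Definition 2 on the interval representation, for times in [0, horizon):
    every pair ends after it starts (Definition 1, item 2); each robot is in
    exactly one state at every instant, i.e. its intervals are contiguous and
    do not overlap (item 3 and condition (ii)); a pair keeps its end time until
    that time (condition (i)), which the representation gives for free; and
    the states follow the Wait-Look-Compute-Move cycle, a robot being allowed
    to keep waiting."""
    for r, intervals in schedule.items():
        if not intervals or intervals[0][1] != 0 or intervals[-1][2] < horizon:
            return False
        for (s, a, b) in intervals:
            if not a < b:
                return False
        for (s, a, b), (s2, a2, b2) in zip(intervals, intervals[1:]):
            if b != a2:                                   # gap or overlap
                return False
            next_state = CYCLE[(CYCLE.index(s) + 1) % len(CYCLE)]
            if s2 != next_state and not (s == s2 == "Wait"):
                return False
    return True


def state_at(schedule, r, t):
    """The state robot r is in at time t, with the end time t' of its current pair."""
    for s, a, b in schedule[r]:
        if a <= t < b:
            return s, b
    raise ValueError("time outside the schedule of %r" % (r,))
```

Validity only requires each robot to be in exactly one state at every instant, with every pair ending strictly after it starts; a schedule that keeps one robot in its first Move for two full cycles of another robot therefore passes `valid_schedule`, which is exactly the freedom the proof of Theorem 2 below exploits.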

To prove that the inclusion is strict, we place ourselves in the non oblivious 
setting: the robots have an unlimited amount of memory, hence they can remem- 
ber the positions of all the other robots since the beginning of the execution, 
and they can use this information while computing. 
Fig. 1. The activation schedule defined in Theorem 1
Definition 3 (Movement Awareness). The Movement Awareness problem MA is divided in two subtasks $T_1$ and $T_2$. In $T_1$, robot $r_i$, $1 \le i \le n$, simply moves along a direction it chooses arbitrarily; $r_i$ can start $T_2$ only after it observed $r_j$ in at least three different positions, and after $r_j$ observed $r_i$ in at least three different positions, for all $j \ne i$.

Theorem 2. There exists no algorithm that solves MA in CORDA in the non 
oblivious setting. 

Proof. By contradiction, let us assume that there exists an algorithm $A$ that correctly solves MA in CORDA. The generic robot $r$ starts its execution by moving along the direction it chooses. By hypothesis, it will eventually, within a finite number of cycles, start the second subtask. Let $t$ be the time when $r$ decides to switch to $T_2$. Since the robots operate in full asynchrony, there can exist a robot $r'$ that started its first Move state at time $t' < t$ and is still moving at time $t$ (that is, $r'$ is still executing its first cycle). Then MA is not correctly solved, since $r'$ has not started its second cycle at time $t$ yet, hence $r'$ has not yet observed $r$ in three different positions, a contradiction.

An algorithm similar to the one used in [14] to discover the initial configuration ("distribution") of the robots in the system can be used to solve MA in SYm. Namely, each robot starts moving along the direction it locally chooses, e.g. the direction of its local $y$ axis. When a robot $r$ observes another robot $r'$ in at least three different positions, $r$ has moved at least twice. Moreover, since in SYm the actions are instantaneous, $r$ can correctly deduce that $r'$ observed at least twice, hence that $r'$ observed $r$ in at least three different positions. Therefore, $r$ can correctly start $T_2$ when it observes all $r' \ne r$ in at least three different positions. Hence, we can state the following

Theorem 3. MA is solvable in SYm, in the non oblivious setting.

Corollary 2. $\mathcal{C} \subset \mathcal{S}$.

A question that arises is: what happens in the oblivious case? Unfortunately, we do not yet have an answer. Our conjecture, however, is that the result stated in Corollary 2 holds also in the oblivious case. In the non oblivious setting, the fact that in CORDA a robot can be seen by its fellows while it is moving is crucial to prove $\mathcal{C} \subset \mathcal{S}$. This is not the case in the oblivious setting. In fact, since the robots have no memory of the robots' positions observed in the past, every time a robot $r$ observes another robot $r'$, $r$ cannot tell whether $r'$ has moved since the last cycle or not, and every observation is like the first one (that is, every time $r$ observes, it is as if the execution were just beginning). Hence, we believe that the key to prove $\mathcal{C} \subset \mathcal{S}$ in the oblivious case is related to the fact that in CORDA the positions of the robots between a Look and a Compute can change, hence the computation can be done on "outdated" data. In other words, if $r$ executes the Look at time $t$ and the Compute at time $t' > t$, the sets of robots' positions at $t$ and at $t'$ can clearly be different; hence $r$ computes its destination point on the old data sensed at time $t$, implying that the movement will not be "coherent" with what it observed at time $t$. This clearly does not happen in SYm, where the possible states a robot can be in are executed instantaneously.

4 Case Study: Oblivious Gathering 

In this section, we will give evidence that the algorithms designed in SYm in the 
oblivious setting do not work in general in CORDA. 

The problem we consider is the gathering problem: the robots are asked to gather at a point in the plane that is not fixed in advance, in a finite number of cycles. An algorithm is said to solve the gathering problem if it lets the robots gather in a point, given any initial configuration. An initial configuration is the set of robots' positions when the computation starts, one position per robot, with no position occupied by more than one robot. This is the only problem, to our knowledge, solved with an oblivious algorithm in SYm [1,14]. In the following, we will analyze both the unlimited and the limited visibility setting.

4.1 The Unlimited Visibility Setting 

An algorithm for solving the gathering problem in SYm in the unlimited visibility setting (called Algorithm 1 in Appendix A.1) is presented in [14]. The idea is as follows. Starting from distinct initial positions, the robots are moved in such a way that eventually there will be exactly one position, say $p$, that two or more robots occupy. Once such a situation has been reached, all the robots move towards $p$. It is clear that such a strategy works only if the robots in the system have the ability to detect multiplicity. In SYm this capability is never mentioned, but it is clearly used implicitly.

Fig. 2. Proof of Theorem 4. The symbols used for the robots are the same as in Figure 1. The dotted circles indicate the robots in the Look state; the grey ones the robots in the Compute state; the circles with an arrow inside are the robots that are moving; the white circles represent the robots in Wait. The arrows indicate the direction of the movement computed in the Compute state.

Theorem 4. Algorithm 1 does not solve the gathering problem in CORDA, in 
the unlimited visibility setting. 

Proof. In order to show that Algorithm 1 does not solve the gathering problem in CORDA, we give an initial configuration of the robots and describe an activation schedule that leads to having two distinct points in the plane each occupied by two robots, thus violating the invariant proven for Algorithm 1, that "eventually there will be exactly one position that two or more robots occupy" [14].

Let us suppose to have 4 robots $r_i$, $i = 1, 2, 3, 4$, that at the beginning are on a circle $C$, with $r_2$ and $r_4$ occupying the end points of a diameter of $C$ (as pictured in Figure 2, Cycle 1). In the following, the positions of the robots are indicated by $p_i$, $i = 1, 2, 3, 4$. Executing Algorithm 1, but assuming the features of CORDA, a possible run (activation schedule) is described in the following.

Cycle 1 At the beginning the four robots are in distinct positions, on a circle $C$. $r_1$ and $r_2$ enter the Look state, while the others are in Wait. After having observed, both of them enter the Compute state, and let us assume that $r_2$ is computationally very slow (or, alternatively, that $r_1$ is very fast). Therefore, $r_1$ decides to move towards the center of $C$ (part 2.3 of Algorithm 1), while $r_2$ is stuck in its Compute state. $r_1$ starts moving towards the center, while $r_2$ is still in Compute, and $r_3$ and $r_4$ are in Wait.

Cycle 2 $r_1$ is inside $C$, while the other robots are still on $C$. Now $r_1$ observes again (it is already in its second cycle) and, according to part 2.1 of the algorithm, decides to move toward a robot that is on the circle, say $r_2$. Moreover, $r_2$ is still in the Compute state of its first cycle, and $r_3$ and $r_4$ are in Wait.

Cycle 3 $r_1$ reaches $r_2$ and enters the Wait of its third cycle: at this point, there is one position in the plane with two robots, namely $p = p_1 = p_2$. Now, $r_3$ enters its first Look state, looks at the situation and, according to the algorithm, decides to move towards $p$, that is the only point in the plane with more than one robot on it. $r_2$ is still in its first Compute, and $r_4$ in Wait.

Cycle 4 $r_3$ reaches $r_1$ and $r_2$ on $p$, and it starts waiting. $r_1$ is in Wait, $r_2$ still in its first Compute state, and $r_4$ starts its first Look state, decides to move towards $p$, and starts moving.

Cycle 5 While $r_4$ is on its way towards $p$, $r_2$ ends its first Compute state. Since the computation is done according to what it observed in its previous Look state (Cycle 1), it decides to move towards the center of $C$ (part 2.3 of the algorithm). $r_2$ starts moving towards the center of $C$ after $r_4$ has passed over the center of $C$, and while $r_4$ is still moving towards $p$; $r_1$ is in Wait.

Cycle 6 $r_2$ and $r_4$ are moving in opposite directions on the same diameter of $C$, and they stop exactly on the same point $p'$ (in CORDA a robot can stop before reaching its final destination). There are two points in the plane, namely $p$ and $p'$ with $p \ne p'$, with two robots on each. Therefore, the invariant proven for Algorithm 1, that "eventually there will be exactly one position that two or more robots occupy" [14], is violated.

Remark 1. We note that in Cycle 6 we made use of the possibility that a robot stops before reaching the destination point it computed. The proof, however, works even if we do not assume this; that is, if $r_2$ and $r_4$ do not stop before reaching their respective destination points. In fact, if we assume, as in SYm, that the robots simply cross each other without stopping, if (i) the crossing happens in a point $p' \ne p$, and (ii) $r_1$ enters its Look state exactly when the crossing happens, we have that $r_1$ sees two points in the plane with two robots on each, namely $p$ and $p'$, and does not know what to do, since this possibility is not mentioned in SYm's algorithm. Therefore, Theorem 4 still holds.

4.2 The Limited Visibility Setting 

In [1], an algorithm to solve the gathering problem in SYm in the limited visibility setting (called Algorithm 2 in Appendix A.2) is presented. We recall that, in this setting, a robot can see only whatever is at distance at most $V$ from it. In the following we shortly describe it.
Let us denote by $r_i(t)$ the position of robot $r_i$ at time instant $t$. The set $P(t) = \{r_1(t), \ldots, r_n(t)\}$ then denotes the set of the robots' positions at $t$. Define $G(t) = (R, E(t))$, called the proximity graph at time $t$, by $(r_i, r_j) \in E(t) \Leftrightarrow dist(r_i(t), r_j(t)) \le V$, where $dist(p, q)$ denotes the Euclidean distance between points $p$ and $q$. It can be proven that, if the proximity graph is not connected at the beginning, the robots cannot gather in a point [1] (form a point, in SYm language).

Let $S_i(t)$ denote the set of robots that are within distance $V$ from $r_i$ at time $t$; that is, the set of robots that are visible from $r_i$ (note that $r_i \in S_i(t)$). $C_i(t)$ denotes the smallest enclosing circle of the set $\{r_j(t) \mid r_j \in S_i(t)\}$ of the positions of the robots in $S_i(t)$ at $t$. The center of $C_i(t)$ is denoted $c_i(t)$.

Every time a robot $r_i$ becomes active, the algorithm moves $r_i$ toward $c_i(t)$, but only over a certain distance MOVE. Specifically, if $r_i$ does not see any robot other than itself, then $r_i$ does not move. Otherwise, the algorithm chooses $x$ to be the point on the segment $\overline{r_i(t)\,c_i(t)}$ that is closest to $c_i(t)$ and that satisfies the following conditions:

1. $dist(r_i(t), x) \le \sigma$. An arbitrary small constant $\sigma > 0$ is fixed, and it is assumed that the distance a robot can travel in one state is bounded by $\sigma$ (similarly to the $\varepsilon$ introduced in Section 2.2).

2. For every robot $r_j \in S_i(t)$, $x$ lies in the disk $D_j$ whose center is the midpoint $m_j$ of $r_i(t)$ and $r_j(t)$, and whose radius is $V/2$. This condition ensures that $r_i$ and $r_j$ will still be visible after the movement of $r_i$ (and possibly of $r_j$, see Figure 3.a).
Fig. 3. The algorithm for the gathering problem in SYm, limited visibility setting
We note that, since by condition 1 the algorithm uses the constant $\sigma$ to compute the destination point of a robot, all the robots must agree on the value of this constant, and thus it must be known a priori.

In [1] it is proven that, executing Algorithm 2, two robots that are connected in $G(t)$ will be connected in $G(t+1)$. In the following theorem we prove that it does not solve the gathering problem in CORDA, in the limited visibility setting.

Theorem 5. The algorithm presented in [1] does not solve the gathering problem in CORDA, in the limited visibility setting.

Proof. In order to show that Algorithm 2 does not solve the gathering problem in CORDA, we give an initial configuration of the robots and describe an activation schedule that leads to partitioning the proximity graph: two robots that were mutually visible until time $t$ are not visible any more at $t+1$, contradicting the result proven in [1].

Let us suppose to have at the beginning 5 robots on a straight line, as shown in Figure 4. Moreover, let $\tau$ be a constant such that $\tau < \sigma$ and $\delta = \tau/16$, where $\delta$ is the constant introduced in Assumption A2 in Section 2.3. At the beginning we have the following visibility situation: $r_1$ can see $r_2$ ($dist(r_1, r_2) = V$), $r_2$ can see $r_1$ and $r_3$ ($dist(r_2, r_3) = V - \tau$), $r_3$ can see $r_2$ and $r_4$ ($dist(r_3, r_4) = V$), $r_4$ can see $r_3$ and $r_5$ ($dist(r_4, r_5) = V$), $r_5$ can see $r_4$. We recall that a robot always moves towards the center $c_i$ of the smallest circle enclosing all the robots it can see. Executing Algorithm 2, but assuming the features of CORDA, a possible run is described in the following.



Cycle 1 All the robots, except $r_1$ and $r_5$ (that we assume in Wait), execute their first Look, and start the Compute state. Let us suppose that $r_3$ and $r_4$ are faster than $r_2$ in computing. The values they compute are:

$r_3$: Goal $= dist(r_3, c_3) = \frac{(V - \tau) + V}{2} - (V - \tau) = \frac{\tau}{2}$, Limit $= \min\left\{\frac{V}{2} + \frac{V}{2},\ \frac{V}{2} - \frac{V - \tau}{2}\right\} = \frac{\tau}{2}$, Move $= \min\{\text{Goal}, \text{Limit}, \sigma\} = \frac{\tau}{2}$ (towards $r_4$);

$r_4$: Goal $= 0$, Move $= 0$.

Moreover, $r_3$ and $r_4$ also start moving while $r_2$ is still computing; $r_1$ and $r_5$ are in Wait.

Cycle 2 After $r_3$ and $r_4$ move, the visibility situation is the same as it was in the beginning (now $dist(r_2, r_3) = dist(r_3, r_4) = V - \tau/2$), and $r_3$ and $r_4$ Look and Compute again, as follows:

$r_3$: Goal $= 0$, Move $= 0$;

$r_4$: Goal $= dist(r_4, c_4) = \frac{(V - \tau/2) + V}{2} - (V - \tau/2) = \frac{\tau}{4}$, Limit $= \min\left\{\frac{V}{2} + \frac{V}{2},\ \frac{V}{2} - \frac{V - \tau/2}{2}\right\} = \frac{\tau}{4}$, Move $= \frac{\tau}{4}$ (towards $r_5$).

$r_3$ and $r_4$ move again, while $r_2$ is still in its first Compute state, and $r_1$ and $r_5$ in their first Wait.

Cycle 3 After the movement of the previous cycle, the visibility situation is still unchanged (now $dist(r_2, r_3) = V - \tau/2$ and $dist(r_3, r_4) = dist(r_4, r_5) = V - \tau/4$), that is, the proximity graph is still connected, and $r_3$ and $r_4$ enter their third Look and Compute states.

$r_3$: Goal $= dist(r_3, c_3) = \frac{(V - \tau/2) + (V - \tau/4)}{2} - (V - \tau/2) = \frac{\tau}{8}$, Limit $= \min\left\{\frac{V}{2} + \frac{V - \tau/4}{2},\ \frac{V}{2} - \frac{V - \tau/2}{2}\right\} = \frac{\tau}{4}$, Move $= \frac{\tau}{8}$ (towards $r_4$);

$r_4$: Goal $= 0$, Move $= 0$.

$r_3$ and $r_4$ move again. The other robots are in the same states as in the previous cycle.

Cycle 4 The proximity graph is still connected (now $dist(r_2, r_3) = dist(r_3, r_4) = V - 3\tau/8$ and $dist(r_4, r_5) = V - \tau/4$), and $r_3$ and $r_4$ Look and Compute again (this is their fourth cycle).

$r_3$: Goal $= 0$, Move $= 0$;

$r_4$: Goal $= dist(r_4, c_4) = \frac{(V - 3\tau/8) + (V - \tau/4)}{2} - (V - 3\tau/8) = \frac{\tau}{16}$, Limit $= \min\left\{\frac{V}{2} + \frac{V - \tau/4}{2},\ \frac{V}{2} - \frac{V - 3\tau/8}{2}\right\} = \frac{3\tau}{16}$, Move $= \frac{\tau}{16}$ (towards $r_5$).

$r_3$ and $r_4$ enter the Move state. Note that every move so far is at least $\delta = \tau/16$, as required by Assumption A2, and that $\sigma$ never bounds a move since $\tau < \sigma$. Meanwhile, $r_2$ finishes its first Compute. The values it computes refer to what the situation was when it observed, in Cycle 1:

$r_2$: Goal $= dist(r_2, c_2) = \left|\frac{V + (V - \tau)}{2} - V\right| = \frac{\tau}{2}$, Limit $= \min\left\{\frac{V}{2} + \frac{V}{2},\ \frac{V}{2} - \frac{V - \tau}{2}\right\} = \frac{\tau}{2}$, Move $= \frac{\tau}{2}$ (towards $r_1$).

$r_2$ starts moving according to the destination point it just computed (it enters its first Move state).

Cycle 5 The distance between $r_2$ and $r_3$ is now $(V - 3\tau/8) + \tau/2 = V + \tau/8 > V$, so $r_2$ and $r_3$ cannot see each other anymore, breaking the proximity graph connectivity that we had at the beginning of the cycle. So, the invariant that "robots that are mutually visible at $t$ remain within distance $V$ of each other thereafter" asserted in [1] is violated. Therefore, the theorem follows.

5 Conclusions 

In this paper we discussed two models, SYm [1,14] and CORDA [6,7,8], whose main focus is to study the algorithmic problems that arise in an asynchronous environment populated by a set of autonomous, anonymous, mobile units that are requested to accomplish some given task. These studies aim to gain a better understanding of the power of distributed control from an algorithmic point of view; specifically, the goal is to understand what kind of goals such a set of robots can achieve, and what are the minimal requirements and capabilities that they must have in order to do so. To our knowledge, these are the only approaches to the study of the control and coordination of mobile units in this perspective.

We showed that the different way in which asynchrony is modeled in SYm and CORDA is the key feature that renders the two models different: in SYm the robots operate executing instantaneous actions, while in CORDA full asynchrony is modeled, and the robots take a finite, but otherwise unpredictable, amount of time to execute their states. In particular, we showed that $\mathcal{C} \subset \mathcal{S}$ in the non oblivious setting. Therefore, one open issue is to prove this result also in the oblivious setting.

We feel that the approach used in CORDA better describes the way a set of independently-moving units operates in a totally asynchronous environment; hence the motivation to further investigate coordination problems in a distributed, asynchronous environment using the fully asynchronous approach. Issues which merit further research regard the operating capabilities of the robots modeled. In fact, it would be interesting to look at models where robots have different capabilities. For instance, we could equip the robots with just a bounded amount of memory (semi-obliviousness), and analyze the relationship between the amount of memory and the solvability of the problems, or how it would affect the self-stabilization property of the oblivious algorithms [7].

Other features that would inspire further study include giving a dimension to the robots, and adding stationary obstacles to the environment, thus adding the possibility of collision between robots or between moving robots and obstacles. Furthermore, we could also study how the robots can use some kind of direct communication, and we could introduce different kinds of robots that move in the environment (as in the intruder problem, where all the robots in the environment must chase and "catch" a "designated" robot).

Relationship between memory and ability of the robots to complete given tasks, dimensional robots, obstacles in the environment that limit the visibility and that moving robots must avoid or push aside, suggest that the algorithmic nature of distributed coordination of autonomous, mobile robots merits further investigation.
Appendix



A Oblivious Gathering in SYm 

In this appendix, we report the oblivious algorithms described in [1,14] that let 
the robots gather in a point in SYm, in both the unlimited and limited visibility 
settings. 

A.1 Unlimited Visibility

In the following we report the oblivious algorithm described in [14] that lets the robots achieve a configuration where a unique point $p$ with multiplicity greater than one is determined.

Algorithm 1 (Point Formation Algorithm in SYm, Unlim. Visib. [14])



Case 1. $n = 3$; $p_1$, $p_2$, and $p_3$ denote the positions of the three robots.

1.1. If $n = 3$ and $p_1$, $p_2$, and $p_3$ are collinear with $p_2$ in the middle, then the robots at $p_1$ and $p_3$ move towards $p_2$ while the robot at $p_2$ remains stationary. Then eventually two robots occupy $p_2$.

1.2. If $n = 3$ and $p_1$, $p_2$, and $p_3$ form an isosceles triangle with $|p_1 p_2| = |p_1 p_3| \ne |p_2 p_3|$, then the robot at $p_1$ moves toward the foot of the perpendicular dropped from its current position to $\overline{p_2 p_3}$ in such a way that the robots do not form an equilateral triangle at any time, while the robots at $p_2$ and $p_3$ remain stationary. Then eventually the robots become collinear and the problem is reduced to part 1.1.

1.3. If $n = 3$ and the lengths of the three sides of triangle $p_1 p_2 p_3$ are all different, say $|p_1 p_2| > |p_1 p_3| > |p_2 p_3|$, then the robot at $p_3$ moves toward the foot of the perpendicular dropped from its current position to $\overline{p_1 p_2}$ while the robots at $p_1$ and $p_2$ remain stationary. Then eventually the robots become collinear and the problem is reduced to part 1.1.

1.4. If $n = 3$ and $p_1$, $p_2$, and $p_3$ form an equilateral triangle, then every robot moves towards the center of the triangle. Since all robots can move up to at least a constant distance $\varepsilon > 0$ in one step, if part 1.4 continues to hold then eventually either the robots meet at the center, or the triangle they form becomes no longer equilateral and the problem is reduced to part 1.2 or part 1.3.

Case 2. $n \ge 4$; $C_t$ denotes the smallest enclosing circle of the robots at time $t$.

2.1. If $n \ge 4$ and there is exactly one robot $r$ in the interior of $C_t$, then $r$ moves toward the position of any robot, say $r'$, on the circumference of $C_t$ while all other robots remain stationary. Then eventually $r$ and $r'$ occupy the same position.

2.2. If $n \ge 4$ and there are two or more robots in the interior of $C_t$, then these robots move toward the center of $C_t$ while all other robots remain stationary (so that the center of $C_t$ remains unchanged). Then eventually at least two robots reach the center.

2.3. If $n \ge 4$ and there are no robots in the interior of $C_t$, then every robot moves toward the center of $C_t$. Since all robots can move up to at least a constant distance $\varepsilon > 0$ in one step, if part 2.3 continues to hold, then eventually the radius of $C_t$ becomes at most $\varepsilon$. Once this happens, then the next time some robot moves, say, at $t'$, either (i) two or more robots occupy the center of $C_t$ or (ii) there is exactly one robot $r$ at the center of $C_t$, and therefore there is a robot that is not on $C_{t'}$ (and the problem is reduced to part 2.1 or part 2.2) since a circle passing through $r$ and a point on $C_t$ intersects $C_t$ in at most two points.



A.2 Limited Visibility

In the following we report the oblivious algorithm described in [1] that lets the robots gather in a point (refer to Figure 3.b).

Algorithm 2 (Point Formation Algorithm in SYm, Lim. Visib. [1])

1. If $S_i(t) = \{r_i\}$, then $x = r_i(t)$.

2. $\forall\, r_j \in S_i(t) - \{r_i\}$:

2.1. $d_j = dist(r_i(t), r_j(t))$,

2.2. $\theta_j = \angle\, c_i(t)\, r_i(t)\, r_j(t)$,

2.3. $l_j = (d_j/2)\cos\theta_j + \sqrt{(V/2)^2 - ((d_j/2)\sin\theta_j)^2}$,

3. LIMIT $= \min_j \{ l_j \}$,

4. GOAL $= dist(r_i(t), c_i(t))$,

5. MOVE $= \min\{\text{GOAL}, \text{LIMIT}, \sigma\}$,

6. $x$ = the point on $\overline{r_i(t)\, c_i(t)}$ at distance MOVE from $r_i(t)$.
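As an added example, not code from the paper or from [1], the following Python program implements the six steps of Algorithm 2 above and replays the activation schedule of the proof of Theorem 5 in Section 4.2: $r_1$ and $r_5$ wait, $r_2$ is stuck in its first Compute on the snapshot it took in Cycle 1, and $r_3$ and $r_4$ complete four Look-Compute-Move cycles before $r_2$ finally moves. The robots lie on a line, so the smallest enclosing circle of the robots a robot sees has as diameter the segment between the two extreme visible positions and every $\theta_j$ is $0$ or $\pi$; the numeric values $V = 1$, $\sigma = 1/2$, $\tau = 1/4$ (hence $\delta = \tau/16$) and the initial positions are constructed to satisfy the distances stated in the proof. `sym_run` executes the same code with every robot active in every step, which is one execution of SYm, for comparison.

```python
# Added example, not code from the paper or from [1]: Algorithm 2 replayed
# under the CORDA activation schedule of the proof of Theorem 5.
# Numeric values and initial positions are constructed for the example.
import math

V = 1.0            # visibility radius (assumed)
SIGMA = 0.5        # sigma, the bound on the distance travelled in one Move (assumed)
TAU = 0.25         # tau < sigma, as required by the proof (assumed value)
DELTA = TAU / 16   # delta = tau/16, the minimum length of a move in CORDA


def visible(snapshot, i):
    """S_i(t): the robots within distance V of r_i, r_i itself included."""
    return [j for j in snapshot if abs(snapshot[j] - snapshot[i]) <= V]


def destination(snapshot, i):
    """Steps 1-6 of Algorithm 2 for robot i, on the positions it observed.
    The robots lie on a line, so the smallest enclosing circle of S_i(t) has
    as diameter the segment between the two extreme visible positions, and
    theta_j is either 0 (r_j on the side of c_i) or pi."""
    S = visible(snapshot, i)
    xi = snapshot[i]
    if S == [i]:                                      # step 1: nobody else in sight
        return xi
    xs = [snapshot[j] for j in S]
    ci = (min(xs) + max(xs)) / 2                      # center c_i(t) of C_i(t)
    goal = abs(ci - xi)                               # step 4: GOAL
    if goal == 0:
        return xi                                     # MOVE = min{0, ...} = 0
    toward = math.copysign(1.0, ci - xi)
    limits = []
    for j in S:                                       # step 2: l_j for every r_j in S_i(t) - {r_i}
        if j == i:
            continue
        dj = abs(snapshot[j] - xi)                    # 2.1
        theta = 0.0 if math.copysign(1.0, snapshot[j] - xi) == toward else math.pi  # 2.2
        lj = (dj / 2) * math.cos(theta) + math.sqrt((V / 2) ** 2 - ((dj / 2) * math.sin(theta)) ** 2)  # 2.3
        limits.append(lj)
    limit = min(limits)                               # step 3: LIMIT
    move = min(goal, limit, SIGMA)                    # step 5: MOVE
    return xi + toward * move                         # step 6: x


def connected(positions):
    """Is the proximity graph G(t) connected?"""
    ids = list(positions)
    seen, stack = {ids[0]}, [ids[0]]
    while stack:
        u = stack.pop()
        for v in ids:
            if v not in seen and abs(positions[u] - positions[v]) <= V:
                seen.add(v)
                stack.append(v)
    return len(seen) == len(ids)


def initial_positions():
    """Constructed as in the proof: d(r1,r2)=V, d(r2,r3)=V-tau, d(r3,r4)=d(r4,r5)=V."""
    return {1: 0.0, 2: V, 3: 2 * V - TAU, 4: 3 * V - TAU, 5: 4 * V - TAU}


def corda_run():
    """The schedule of Theorem 5: r1 and r5 wait; r2 looks in Cycle 1 and stays in
    Compute while r3 and r4 complete four Look-Compute-Move cycles (both looking
    at the same snapshot in each cycle); r2 then moves on its stale observation.
    Returns the final positions and the list of (cycle, robot, signed move)."""
    pos = initial_positions()
    r2_destination = destination(dict(pos), 2)       # computed on the Cycle 1 snapshot
    moves = []
    for cycle in range(1, 5):
        snapshot = dict(pos)
        for i in (3, 4):
            d = destination(snapshot, i)
            moves.append((cycle, i, d - pos[i]))
            pos[i] = d
        assert connected(pos)                         # the graph survives Cycles 1-4
    pos[2] = r2_destination                           # Cycle 5: r2 finally moves
    return pos, moves


def sym_run(steps):
    """One SYm execution of the same algorithm: every robot is active in every
    step, so all of them look at the same snapshot and move at once.
    Returns whether G(t) was connected after each step."""
    pos = initial_positions()
    history = []
    for _ in range(steps):
        snapshot = dict(pos)
        pos = {i: destination(snapshot, i) for i in snapshot}
        history.append(connected(pos))
    return history
```

`corda_run()` reproduces the moves $\tau/2$, $\tau/4$, $\tau/8$, $\tau/16$ of Cycles 1 to 4 (each at least $\delta$) and ends with $dist(r_2, r_3) = V + \tau/8$, after which `connected` reports that the proximity graph has split; `sym_run(10)` keeps it connected at every step, as proven in [1]. The only difference between the two runs is the age of the snapshot $r_2$ computes on.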
Abstract. The Associative Language Description model (ALD), a combination of locally testable and constituent structure ideas, has been recently proposed to overcome some criticisms relative to context-free languages. This approach is consistent with current views on brain organization and can conveniently describe typical technical languages such as Pascal or HTML. ALD languages are strictly included in context-free languages, but in practice the ALD model equals context-free grammars in explanatory adequacy. Moreover, it excludes mathematical sets based on counting properties that are never used in the definition of artificial languages. Many properties of ALD are still to be investigated. Here, a characterization of context-free languages in terms of ALD languages is proved and a new hierarchy in the ALD family is given.



1 Introduction 

In spite of their universal adoption in language reference manuals and compilers, Context-Free (CF) Grammars have a generative capacity that is partly misdirected: it affords languages that are unsuitable for practical use, like counting languages, which characterize the legal strings by some numerical congruence. Clearly, nobody has ever proposed a language where grammaticality depends on the number of certain items being congruent to some integer value. In an attempt to rule out counting, years ago the class of NC CF languages was introduced for parenthesis grammars [1], and later on reformulated within the theory of tree languages [2].
Another defect of CF grammars that has been often pointed out (for instance by the Marcus school of Contextual Grammars) is that CF grammars require an unbounded number of metasymbols, the nonterminals. A "pure" grammar should not use metavariables, which are "external" to the language, but it should rely instead on structural and distributional properties.

In [3], a language definition technique has been presented that addresses both criticisms, but does not extend the capacity of CF grammars: the Associative Language Description model (ALD), originally motivated by the want of a brain-compatible theory of language. In essence, this definition combines the concepts of local testability and of phrase structure in as simple a way as possible, and it is related to Z. Harris's linguistic models of word distribution in sentences. Such approaches, also known as Skinner's associative models, were antagonized by Chomsky's generative grammars and had no comparable success. Yet, associative models on the one hand provide an intuitively appealing explanation of many linguistic regularities, on the other they are aligned with current views on information processing in the brain [4].

The ALD model has been studied more in depth in [5], where basic properties of 
the model were established, such as nonclosure under union, concatenation and 
homomorphism, and strict inclusion in the CF family; moreover, the ALD family of 
languages was compared with CF, Non-Counting (NC) CF, locally testable, non- 
contextual families of languages, and other families. However, many problems still 
remain open, the main one being the inclusion of regular languages in the ALD 
family. The expressive adequacy of the ALD family for common artificial languages, 
such as Pascal and HTML, has been shown in [6]. 

The aim of this paper is to solve a few of the open questions, by establishing a new 
hierarchy in the ALD family and giving a characterization of CF languages in terms 
of the ALD family. Section 2 recalls the basic definitions and some properties of the 
model, while Section 3 proves the main theorems of the paper. Section 4 draws a few 
conclusions. 



2 Basic Definitions 

Let $\Sigma$ be a finite alphabet, and let $\Delta \notin \Sigma$ be the placeholder.

Definition 2.1. (stencil trees, frontier, constituents)

A stencil tree is a tree such that its internal nodes are labeled by $\Delta$ and its leaves have labels in $\Sigma \cup \{\varepsilon\}$. The constituents of a stencil tree are its subtrees of height one, whose leaves have labels in $\Sigma \cup \{\varepsilon\} \cup \{\Delta\}$. The frontier of a stencil tree $T$ or of a constituent $K$ is denoted, respectively, by $\tau(T)$ and $\tau(K)$.

Definition 2.2. (maximal subtree) 

Given a stencil tree T, a maximal subtree of T is a subtree of T whose leaves are also 
leaves of T. 
Definition 2.3. (left and right contexts)

Let $T$ be a stencil tree. For an internal node $i$ of $T$, let $K_i$ and $T_i$ be respectively the constituent and the maximal subtree of $T$ having root $i$. Consider the tree $T'$ obtained by excising the subtree $T_i$ from $T$, leaving only the root, labeled $\Delta$, of $T_i$ behind. Let $s, t \in \Sigma^*$ be two strings such that $\tau(T') = s\,\Delta\,t$.

The left context of $K_i$ in $T$ and of $T_i$ in $T$ is $\mathrm{left}(K_i, T) = \mathrm{left}(T_i, T) = s$; the right context of $K_i$ in $T$ and of $T_i$ in $T$ is $\mathrm{right}(K_i, T) = \mathrm{right}(T_i, T) = t$.

Definition 2.4. (ALD, pattern, permissible contexts of a rule)

Let $\bot \notin \Sigma$ be the left/right terminator. An Associative Language Description (ALD) $A$ is a finite collection of triples $(x, z, y)$, called rules, where $x \in (\varepsilon \cup \bot)\Sigma^*$, $y \in \Sigma^*(\bot \cup \varepsilon)$, and $z \in (\Sigma \cup \Delta)^* \setminus \{\Delta\}$.

The string $z$ is called the pattern of the rule $(x, z, y)$ and the strings $x$ and $y$ are called the permissible left/right contexts.

Shorthand notations

When a left/right context is irrelevant for a pattern, it is represented by the empty string $\varepsilon$ or it is omitted. The new symbol $\hat{\Delta}$ may be used to denote the optionality of one occurrence of $\Delta$, that is to merge two rules $(x, z'\Delta z'', y)$ and $(x, z'z'', y)$ into the rule $(x, z'\hat{\Delta}z'', y)$. Other convenient shorthands have been defined in [6], but they are not used in this paper.

An ALD defines a set of constraints or test conditions that a stencil tree must 
satisfy, in the following sense. 

Definition 2.5. (Constituent matched by a rule, valid trees) 

Let A be an ALD. A constituent K_i of a stencil tree T is matched by a rule (x, z, y) of 
an ALD A iff: 

1) z = τ(K_i), 

2) x is a suffix of ⊥left(K_i, T), and 

3) y is a prefix of right(K_i, T)⊥. 

A stencil tree T is valid for A iff each constituent K_i of T is matched by a rule of A. 

Therefore, an ALD is a device for defining a set of stencil trees and a string 
language, corresponding to the set of their frontiers. The validity of a stencil tree is 
determined not by means of a derivation but by a test. Hence, an ALD is not a generative 
grammar. 

Definition 2.6. (Tree language and string language of an ALD) 

The (stencil) tree language defined by an ALD A, denoted by TL(A), is the set of all 
stencil trees valid for A. The (string) language defined by an ALD A, denoted by 
L(A), is the set {x ∈ Σ* | x = τ(T) for some tree T ∈ TL(A)}. 

Example 2.1. Let L be the CF language {a^n b^n | n > 0}^+, which is generated for example 
by the CF grammar G with axiom S, nonterminals X and S, and productions S → XS | 
aXb, X → aXb | ε. L is also defined by the ALD {(⊥, aΔbΔ̂, ⊥), (b, aΔbΔ̂, ⊥), (a, aΔb, 
b), (a, ε, b)}. For instance, the string a^2 b^2 ab of L is the frontier of the valid tree shown 
in Fig. 1, where the constituent K1 is matched by the rule (⊥, aΔbΔ, ⊥), the constituent 
K2 is matched by the rule (a, aΔb, b), the constituent K3 is matched by the rule (b, 
aΔb, ⊥) and both constituents labeled K4 are matched by the rule (a, ε, b). Notice that 
this tree is different from the derivation tree in G of the string a^2 b^2 ab. 

Fig. 1. A valid tree for Example 2.1 
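As an added example (not code from the paper), the validity test of Definition 2.5 applied to the tree of Fig. 1 and the ALD of Example 2.1: the nested-list encoding of stencil trees is an assumption of ours, and the optional placeholder Δ̂ of the shorthand is written 'Δ?' inside rule patterns.

```python
# Added example: the ALD validity test of Definition 2.5 on the tree of Example 2.1.
# Encoding (our assumption, not the paper's): an internal node labeled Δ is a Python
# list of its children; a leaf is a one-letter string, or '' for ε.  Each internal
# node is one constituent (its subtree of height one); its pattern is the sequence
# of its children's labels, with Δ for every child that is itself internal.
EPS, PH, END = '', 'Δ', '⊥'

def frontier(t):
    """τ(t): the leaves of t read from left to right."""
    return t if isinstance(t, str) else ''.join(frontier(c) for c in t)

def pattern(node):
    """Frontier of the height-one constituent rooted at node."""
    return ''.join(PH if isinstance(c, list) else c for c in node)

def expand(rules):
    """Expand the Δ̂ shorthand (written 'Δ?'): (x, z'Δ?z'', y) stands for the two
    rules (x, z'Δz'', y) and (x, z'z'', y)."""
    out = set()
    for x, z, y in rules:
        if 'Δ?' in z:
            i = z.index('Δ?')
            out |= expand([(x, z[:i] + PH + z[i + 2:], y), (x, z[:i] + z[i + 2:], y)])
        else:
            out.add((x, z, y))
    return out

def matched_by(rule, z, left, right):
    """Definition 2.5: z = τ(K), x is a suffix of ⊥·left(K,T), y a prefix of right(K,T)·⊥."""
    x, zr, y = rule
    return zr == z and (END + left).endswith(x) and (right + END).startswith(y)

def constituents(tree):
    """(pattern, left context, right context) for every constituent of tree; the
    contexts of Definition 2.3 are the frontiers to the left/right of the excised subtree."""
    def walk(node, left, right):
        yield pattern(node), left, right
        for i, child in enumerate(node):
            if isinstance(child, list):
                l = left + ''.join(frontier(s) for s in node[:i])
                r = ''.join(frontier(s) for s in node[i + 1:]) + right
                yield from walk(child, l, r)
    return list(walk(tree, EPS, EPS))

def match_report(tree, ald):
    """For each constituent, the first rule of the (expanded) ALD matching it, or None."""
    rules = sorted(expand(ald))
    return [(z, l, r, next((rule for rule in rules if matched_by(rule, z, l, r)), None))
            for z, l, r in constituents(tree)]

def is_valid(tree, ald):
    """A stencil tree is valid iff every constituent is matched by some rule."""
    return all(hit is not None for *_, hit in match_report(tree, ald))

# The ALD of Example 2.1 for {a^n b^n | n > 0}^+, with Δ̂ written as 'Δ?'.
ALD_EX21 = [(END, 'aΔbΔ?', END), ('b', 'aΔbΔ?', END), ('a', 'aΔb', 'b'), ('a', EPS, 'b')]

# Our reading of the tree of Fig. 1 for a^2 b^2 a b: K1 = root, K2 and K3 its
# Δ-children, each K4 a Δ node whose only child is the leaf ε.
TREE_FIG1 = ['a', ['a', [EPS], 'b'], 'b', ['a', [EPS], 'b']]

if __name__ == '__main__':
    for z, l, r, hit in match_report(TREE_FIG1, ALD_EX21):
        print(f'pattern {z!r:9} left {l!r:8} right {r!r:8} -> {hit}')
    print(frontier(TREE_FIG1), is_valid(TREE_FIG1, ALD_EX21))
```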



Definition 2.7. (degree, width of an ALD) 

For every ALD A and every rule (x, z, y) in A the degree of the rule (x, z, y) is max 
(|x|, |y|), the maximum length of the permissible left/right contexts; the width of the 
rule (x, z, y) is |z|, the length of the pattern. For an ALD A the degree is the 
maximum degree and the width is the maximum width of its rules. 

Definition 2.8. (Left and Right Contexts) 

Let A be an ALD of degree k. LC_k (Left Contexts) is the set Σ^k ∪ ⋃_{0≤j≤k−1} ⊥Σ^j; RC_k 
(Right Contexts) is the set Σ^k ∪ ⋃_{0≤j≤k−1} Σ^j⊥. 

Definition 2.9. (homogeneous and reduced ALD) 

An ALD A of degree k is: 

homogeneous iff A ⊆ LC_k × (Σ ∪ {Δ})* × RC_k; 

reduced iff each rule matches some constituent, in some valid tree. 

Definition 2.10. (equivalent, structurally equivalent ALD's) 

Two ALD's A1, A2 are called equivalent (resp. structurally equivalent) iff L(A1) = 
L(A2) (resp. TL(A1) = TL(A2)). 

The assumption that an ALD is homogeneous and reduced does not violate 
generality, as shown by the following proposition. 

Lemma 2.11 [6] For every ALD there exists a structurally equivalent, homogeneous 
and reduced ALD. 



2.1 Examples of ALD Languages 

To better assess the expressive power of the ALD family, it is useful to look at 
various examples of ALD and non- ALD languages. 
While it is unknown, at present, whether the ALD family includes the regular 
languages, there are various examples of regular languages that are in ALD. A non-
trivial example is the following regular language. Let L1 and L2 be two languages: the 
shuffle L1 || L2 is defined as the language {x1 y1 x2 y2 ... xn yn | n ≥ 1, xi ∈ Σ*, yi 
∈ Σ*, x1 x2 ... xn ∈ L1, y1 y2 ... yn ∈ L2}. The regular language L = a || b c d is 
described by the ALD rules: 

(⊥, ΔcΔdΔ, ⊥), (⊥, ΔcΔ, ⊥), (⊥, ΔdΔ, ⊥), (⊥, ε, ⊥), (ε, Δa, ε), (⊥, Δb, ε), (c, Δc, ε), (d, Δd, ε) 

Many CF languages are ALD, such as the cited Pascal and HTML. We also 
provide here a few examples of CF languages not in the ALD family: 

{a^n b^n | n ≥ 1} ∪ {a^n b^{2n} | n ≥ 1}, 

{a^n b^n a^m b^m | n, m ≥ 1}, 

{a^n c b^n a^m d b^m | n, m ≥ 0}. 

The proof that these languages are not ALD is omitted, since it is a simple 
variation of similar proofs in [5]. Notice that simple changes to the alphabet of a 
language may make it ALD: for instance, {a^n b^n | n ≥ 1} ∪ {a^n c^{2n} | n ≥ 1} is ALD. 
This fact will be explained in Theorem 3.9 below. 



3 A Hierarchy of ALD Languages 

In [5] it has been proved that the degree classifies the ALD family in an infinite, strict 
hierarchy. A similar, but weaker, result holds also with respect to the width. Let 
ALD_{w=k}, k > 0, be the subfamily of ALD having width k. 

Proposition 3.1. For all k > 0, there exists an ALD language L such that L is not in 
ALD_{w=k} but is in ALD_{w=k^2}. 

Proof. For every i > 0, let L_i = {b^{in} | n ≥ 1}, where each L_i is defined by the ALD rule 
(⊥, Δb^i, ε). Assume by contradiction that there is k > 0 such that every language in the 
ALD family is also in ALD_{w=k}. Let j = k^2: L_j ∈ ALD_{w=k}. Let A be an ALD of width k 
defining L_j. Without loss of generality, we can assume that A is homogeneous and 
reduced of degree r for some r > 0. Hence, every rule with contexts not including the 
endmarker must be of the form (b^r, z, b^r) with z ∈ {b, Δ}*, 0 ≤ |z| ≤ k. 

Claim 1: We can assume that for each rule of the form (b^r, z, b^r), with z ∈ {b, Δ}*, the 
rule is in A only if z ∈ b*. 

To prove the claim, first we notice that if (b^r, z, b^r) ∈ A, with z ∈ {b, Δ}*Δ{b, Δ}*, 
then the rule must occur in a valid tree, since A is reduced. But then also a rule of the 
form (b^r, b^s, b^r) for some s, 0 ≤ s ≤ k, must occur in the same valid tree (since a node 
labeled Δ cannot be on the frontier of a valid tree). We now claim that in this case 
s = 0 and z does not contain any occurrence of b. As a consequence, if there is a 
constituent K matched by the rule (b^r, z, b^r) then the maximal subtree with the same 
root of K has an empty frontier. In fact, take a valid tree T where the rule (b^r, z, b^r) 
matches some constituent (Fig. 2, case (a)), i.e., a valid tree having a constituent K 
whose frontier is b^s and whose right and left contexts are both b^r, i.e., it is matched by 
(b^r, b^s, b^r). The frontier τ(T) of T is b^{jh} for some h > 0. Let T' be a new tree obtained 
from T by replacing the constituent K with a constituent K' matched by the rule (b^r, z, 
b^r), and by appending the constituent K to each Δ occurring on the frontier of K'. T' is 
a valid tree because the new constituents K' and K are matched respectively by the 
rules (b^r, z, b^r) and (b^r, b^s, b^r). The frontier of the maximal subtree with root K' is 
b^{|z|−t+ts} where t ≤ |z| ≤ k is the number of Δ occurring in z (see Fig. 2, (b)). Hence, τ(T') 
= where 0 ≤ |z| − t + (t−1)s ≤ |z| + (t−1)s ≤ k + (k−1)k = k^2. Since j = k^2, 
then τ(T') ∈ L_j necessarily implies |z| − t + (t−1)s = 0: since t ≥ 1 and |z| ≥ t, it must be 
|z| = t and s = 0. This means that if there is a rule of the form (b^r, z, b^r), with z ∈ {b, 
Δ}*Δ{b, Δ}*, then in A there cannot be any rule of the form (b^r, b^s, b^r) with s > 0, and z 
must be of the form Δ^t for some t, 0 < t ≤ k. Since there is no way to add b's by using 
rules of the form (b^r, Δ^t, b^r), for some t ≤ k, we can safely remove all those rules from A, 
obtaining an equivalent ALD that is homogeneous, reduced, of width k, of degree r 
and where the rules of the form (b^r, z, b^r) have z ∈ b*. Hence, we can assume that A is 
already in this form. 





(a) The tree T (b) The tree T' 

Fig. 2. T' is obtained from T by replacing K, in the left and right contexts b^r, with a constituent 
K' matched by (b^r, z, b^r), z ∈ {b, Δ}*Δ{b, Δ}*. In the picture, it is shown the case where z includes 
two placeholders. 

Claim 2. For all t, 0 ≤ t < k, and for all s, 1 ≤ s ≤ k, there is no rule in A of the form (⊥b^t, 
Δb^s, b^r) or of the form (b^r, b^sΔ, b^t⊥). Suppose by contradiction that in A there is at 
least a rule of the former form, the latter case being analogous. Then, since the ALD 
is reduced there is a valid tree T with a constituent K matched by the rule. Let τ(T) = 
b^{jn} for some n > 0. Let T_1 be the maximal subtree of T with K at its root. Denote with 
T_2 a tree with the constituent K at its root and with the tree T_1 appended at the node 
labeled Δ (hence, there are two constituents of T_2 matched by the rule (⊥b^t, Δb^s, b^r)). 
Let T' be the tree obtained by replacing in T the subtree T_1 with the tree T_2. T' is a 
valid tree because the contexts of K and T_1 in T' are equal to the contexts of T_1 in T, 
but T' is longer than T by exactly s characters: τ(T') = with 0 < s ≤ k < j. Then 
τ(T') ∉ L(A). 

Claim 3. (a) There is a constant p > 0 such that every valid tree T of A, whose frontier is 
larger than p, has at least a constituent K matched by one rule of A either of the form 
(⊥b^t, Δv, b^r) or of the form (b^r, vΔ, b^t⊥), for some t < r and v ∈ {b, Δ}*. 

(b) The constituent K of part (a) is at the root of a maximal subtree whose frontier is 
larger than b^r. 

(c) In A there is at least a rule (b^r, b^s, b^r) with 0 < s < k. 

(d) If the constituent K of part (a) is matched by a rule such that v ∈ Δ* then in A there 
is at least a rule of the form (b^r, b^s, b^r) with 0 < s < k. 

Part (a). By Claim 1, in the ALD A there is at least a rule (⊥b^t, z, b^r) with 
z ∈ {b, Δ}*Δ{b, Δ}*, otherwise it would be impossible to get valid trees whose frontier is 
b^n, for n > k. Moreover, if the pattern of each rule (⊥b^t, z, b^r) (resp. (b^r, z, b^t⊥)) had 
prefix (resp. suffix) b then the rule could match a constituent at most once in a valid 
tree. Hence, if part (a) of Claim 3 were false, the height of the valid tree T would be 
less than or equal to the number |A| of rules in A: since the width is limited, the maximum 
length of the frontier of a tree without such constituent is k|A|. Select p = max(r, 
|τ(T)|) > max(r, k|A|) to have a contradiction. Hence, in every valid tree of frontier 
larger than p there must be an occurrence of either a constituent K matched by (⊥b^t, 
Δv, b^r) or by (b^r, vΔ, b^t⊥), for some t < r and v ∈ {b, Δ}*. 

Part (b). If p is large enough, the occurrence of the constituent K can be chosen 
high enough in T to be the root of a maximal subtree T' whose frontier is larger than p1 
= max(r, k|A|) (by applying the same line of reasoning). 

Part (c). By combining Claim 3, part (a), and Claim 2, the constituent K has v ∈ {b, 
Δ}*Δ{b, Δ}* and in A there is no rule of the same form with v ∈ b*. Then each 
occurrence of a placeholder in v must be in the left context b^r and in the right context 
b^r. Hence, to be able to "close" those rules, it is necessary that in A there are rules 
with the same contexts. But by Claim 1, only rules of the form (b^r, b^s, b^r) with 0 ≤ s ≤ k 
are possible with left and right contexts b^r. 

Part (d). If v ∈ Δ* and all productions of the form (b^r, b^s, b^r) have s = 0, then all the 
placeholders at the right of the leftmost one in the constituent, with both left and right 
contexts b^r, would be roots of trees whose frontier is the empty string. Since no other 
rule can match a constituent at the root of a tree with more than p b's, the frontier of 
the maximal subtree T' would be shorter than p1. 

Now we prove the statement of the proposition. Let T be a valid tree whose frontier 
is b^n with n larger than the constant p of Claim 3. By Claim 3, T has a maximal 
subtree T_1 such that the left and right contexts of T_1 are, respectively, either ⊥b^t and 
b^r, or b^r and b^t⊥, for some t, 0 ≤ t < r, with |τ(T_1)| > r. Assume that the contexts of T_1 
are ⊥b^t and b^r, respectively. The constituent K of T at the root of T_1 is matched by a 
rule (⊥b^t, Δv, b^r), for some v. By Claim 3, either there is s > 0 such that (b^r, b^s, b^r) is in 
A or in v there is at least one occurrence of the letter b. As shown in Fig. 3, let T_2 be 
the tree that has the constituent K at its root, where, at the node labeled by the 
leftmost occurrence of Δ, the tree T_1 is appended, and where at each remaining 
occurrence of Δ a constituent K_1, matched by (b^r, b^s, b^r) of A, with s > 0, is appended. 
Since the constituent K has at most k−1 placeholders, and 0 < s ≤ k, then τ(T_2) = 
where q ≤ k(k−1) < j. By Claim 3, part (d), q > 0. Replace T_1 in T with the tree T_2, 
obtaining a tree T'. T' is a valid tree because the contexts of K and T_1 in T' are equal to 
the contexts of T_1 in T, and both of the contexts of K_1 in T' are b^r. Then the frontier of 
T' is τ(T') = b^{n+q} with 0 < q < k^2 = j, which is not a word in L_j: a contradiction. ∎ 

The tree T 

Fig. 3. The trees T and T' of the proof of Theorem 3.9 

Remark. The above proof shows that for every k > 1 there is a regular language L_j = 
{b^{jn} | n ≥ 0}, with j = k^2, that is in ALD_{w=j} but not in ALD_{w=k}. Hence, the theorem 
cannot state that there is a proper hierarchy for the width, i.e., that each level is 
properly contained in the following level, but only that the hierarchy is infinite. This 
derives from the usage of L_j as typical language of ALD_{w=j}. A strict hierarchy 
theorem could be proved only if L_j is in ALD_{w=k+1}. Actually, we can prove that L_j ∈ 
ALD_{w=h} with h < j. Namely, L_j is defined for j even by the ALD A: (⊥, Δb^{j/2}Δ, ε), (b, 
ε) and for j odd by the ALD A': (⊥, Δb^{⌈j/2⌉}Δ, ε), (b, ε), both having width 
⌊j/2⌋+2. In most cases, it seems possible to improve further this bound: for instance, 
L_9 is defined by the following ALD of width 4: (⊥, ΔbΔΔ, ε), (b, b^4, ε). This means 
that the language L_9 is at level 4 of the hierarchy, while, by Proposition 3.1, it is 
not at level 3: level 3 is strictly included in level 4. Similarly, L_4 is not in ALD_{w=2}, 
though it is in ALD_{w=3}. It could then be possible to generalize this fact and prove 
that for every k > 1 there exists a language that is in ALD_{w=k} but not in ALD_{w=k−1}. 

The previous examples show also a general fact about ALD’s: to decrease the 
width it is often necessary to increase the maximum number of placeholders in the 
rules. So the following problem naturally arises: does the maximum number of 
placeholders in ALD rules classify ALD's in a hierarchy? or may each ALD language 
be defined by an ALD whose rules contain at most k placeholders? In the latter case, 
an analogy with the CF case suggests that a possible value for k is 2. 

As pointed out in the introduction, it is yet unknown whether all regular languages 
are also ALD languages. However, all CF unary languages (hence, regular) can be 
described by ALD. 

Proposition 3.2 Every context-free language on a one-letter alphabet is an ALD 
language. 

Proof: Each CF unary language is semilinear: hence, it is the finite union of the 
languages of the form L_j = {a^{jn} | n ≥ 0}, for every j (and possibly also with the empty 
string). Let L be a CF language on a one-letter alphabet. Hence, there exists n such 
that L = L_{k_1} ∪ L_{k_2} ∪ ... L is defined by the following ALD: {(⊥, a^{k_i}Δ, ⊥) | 
1 ≤ i ≤ n} ∪ {(⊥a^{k_i}, Δa^{k_i}, ⊥) | 1 ≤ i ≤ n}. ∎ 

In [5], it has been proved that the ALD family is strictly included in the CF one and 
that it is not closed under homomorphism. Here we prove that the closure of ALD 
under homomorphism gives exactly the family of CF languages. 

We recall the following 

Definition 3.3. [7] (Operator form of CF grammars) 

A context free grammar G = (V_N, Σ, P, S) is said in operator form if P ⊆ V_N × 
(V_N ∪ Σ)* \ (V_N ∪ Σ)* V_N V_N (V_N ∪ Σ)*. 

This means that each rule of P is either in the form: 

A → B for A ∈ V_N, B ∈ V_N ∪ Σ* \ {ε}, 

or in the form A → αBCβ, where for all α, β ∈ (V_N ∪ Σ)*, B, C ∈ (V_N ∪ Σ) either B ∈ Σ 
or C ∈ Σ. 

Roughly speaking, in the right-hand side of a rule two nonterminals are never 
adjacent. 

The following theorem is well-known: 

Theorem 3.4 ([7], th.4.8.2). For any context-free grammar G there is an equivalent 
grammar G' in operator form. 

Looking at the proof of Theorem 3.4 in [7], it is easy to check that, in the grammar 
G', the right-hand side of a production contains at most two nonterminals; moreover, 
the productions of the form A → B for A ∈ V_N, B ∈ V_N ∪ {ε} can be eliminated: add the 
productions obtained by replacing with B all occurrences of A in the right-hand side 
of a rule to the productions of G'. So we can state the following 

Corollary 3.5. For every context-free grammar G there is an equivalent grammar G' 
in operator form whose productions are in one of the following forms: 

A → α for A ∈ V_N, α ∈ Σ+, or 
A → αBβ with αβ ∈ Σ+, A, B ∈ V_N, or 
A → αBγCβ with α, β ∈ Σ*, γ ∈ Σ+, A, B, C ∈ V_N. 

We recall two definitions and a lemma from [5], stated here for the case of degree 
k = 1. 

Definition 3.6 (Contexts of the nonterminals of a CF grammar) 

Let G = (V_N, Σ, P, S) be a CF grammar. For every X ∈ V_N, Con(X) is the set: 

{(x, y) | (x, y) ∈ LC_1 × RC_1 ∧ ∃u ∈ ⊥Σ* ∧ ∃v ∈ Σ*⊥ ∧ ∃z ∈ Σ*: ⊥S⊥ ⇒*_G uxXyv ⇒*_G 
uxzyv} 

Definition 3.7 (Disjoint operator form of CF grammars) 

Let G = (V_N, Σ, P, S) be a CF grammar. G is said to be in disjoint operator form if, 
and only if: 

G is in operator form; 

Con(X) ≠ ∅ for all X ∈ V_N; 

For all X, Y ∈ V_N, with X ≠ Y, Con(X) ∩ Con(Y) = ∅. 

A disjoint operator form grammar can always be transformed into an equivalent 
ALD of degree 1, as stated in the next lemma. 

Lemma 3.8 ([5]) Let G = (V_N, Σ, P, S) be a CF grammar in disjoint operator form. 
Let h: V_N ∪ Σ → Δ ∪ Σ be the homomorphism defined by h(a) = a for a ∈ Σ, h(X) = Δ 
for X ∈ V_N. 

Let A be the following homogeneous ALD of degree 1: 

{(x, w, y) | ∃X ∈ V_N, z ∈ (V_N ∪ Σ)*: X → z ∈ P, w = h(z), (x, y) ∈ Con(X)}. 

A is structurally equivalent to G. Then we can prove the following: 

Theorem 3.9. A language L is context-free if and only if it is a (non erasing) 
homomorphic image of an ALD of degree 1. 

Proof. Obviously, the homomorphic image of an ALD is a CF language because 
every ALD language is CF and the CF family is closed under homomorphism. 

Conversely, let L be a CF language. Without loss of generality we can assume that 
it is generated by a grammar G = (V_N, Σ, P, S) in operator form with productions of the 
types described in Corollary 3.5. We construct from G a new grammar G' by 
renaming the terminal symbols which precede or follow a nonterminal, according to the 
following rules: 

P' = {A → α | A → α ∈ P} ∪ 
{A → α (a, B) B (b, B) β | A → αaBbβ ∈ P} ∪ 
{A → B (b, B) β | A → Bbβ ∈ P} ∪ 
{A → α (a, B) B | A → αaB ∈ P} ∪ 
{A → α (a, B) B (c, B) γ (d, C) C (b, C) β | A → αaBcγdCbβ ∈ P} ∪ 
{A → B (c, B) γ (d, C) C (b, C) β | A → BcγdCbβ ∈ P} ∪ 
{A → α (a, B) B (c, B) γ (d, C) C | A → αaBcγdC ∈ P} ∪ 
{A → B (c, B) γ (d, C) C | A → BcγdC ∈ P} ∪ 
{A → α (a, B) B (c, BC) C (b, C) β | A → αaBcCbβ ∈ P} ∪ 
{A → B (c, BC) C (b, C) β | A → BcCbβ ∈ P} ∪ 
{A → α (a, B) B (c, BC) C | A → αaBcC ∈ P} ∪ 
{A → B (c, BC) C | A → BcC ∈ P} 

where A, B, C are in V_N, a, b, c are in Σ and α, β, γ are in Σ*. 

Then G' = (V_N, Σ ∪ {Σ × (V_N ∪ V_N V_N)}, P', S) is a CF grammar in disjoint operator 
form. Then by Lemma 3.8 there is a homogeneous ALD A of degree 1 structurally 
equivalent to G'. Let L' = L(G') = L(A) and let h be the homomorphism from Σ ∪ 
{Σ × (V_N ∪ V_N V_N)} to Σ that acts as identity on Σ and as natural projection on 
Σ × (V_N ∪ V_N V_N). It is obvious that h(L') = L. ∎ 
Corollary 3.10. A language L defined by an ALD of degree k is a (non erasing) 
homomorphic image of an ALD of degree 1. 

Theor. 3.9 shows that by a suitable change of alphabet any CF language can be 
turned into an ALD language of degree one, preserving its structure. As a practical 
case consider the language Pascal, which is an ALD language of degree 3 [6]. By a 
change of alphabet, the degree can be lowered to 1 . In practice, one does not need to 
turn the grammar into operator form, nor to rename all terminals surrounding 
nonterminal symbols, as in the proof of Theorem 3.9; it suffices to rename the rare 
terminal occurrences where the contexts do not meet the disjointness hypothesis of 
Definition 3.7. Similar transformations of the surface representation of a language 
have been applied in the early days for obtaining grammars suitable for parsing using 
precedence algorithms. Another remark relates Theor. 3.9 to modern mark-up 
languages such as XML. The terminal symbols introduced in the proof can be viewed 
as "tags" that mark-up or delimit a piece of text. 

4 Conclusions 

In spite of the simplicity of the model, various theoretical questions on ALD are still 
open or under investigation, e.g. inclusion of the regular set, some decidability 
properties, minimization w.r.t. degree or width, hierarchy with respect to the number 
of placeholders in a pattern. Comparisons with related models, such as the contextual 
grammars of S. Marcus [8] and [9], are given in [5]. A similar, but more complex, 
model has been introduced in [10]. 

We hope that ALD could be a good model both as an explanation of fundamental 
syntactic phenomena and as a practical technique for language specification. To 
explore to what extent existing technical languages can be defined by ALD, in [6] the 
CF syntax of Pascal has been completely defined by ALD rules; it was checked that 
the main features of HTML can be described conveniently by ALD. 
Abstract. We introduce the notions of blocked, block-marked and block- 
deterministic regular expressions. We characterize block-deterministic 
regular expressions with deterministic Glushkov block automata. The 
results can be viewed as a generalization of the characterization of one- 
unambiguous regular expressions with deterministic Glushkov automata. 
In addition, when a language L has a block-deterministic expression E, 
we can construct a deterministic finite-state automaton for L that has 
size linear in the size of E. 



1 Introduction 

A regular language is one-unambiguous, according to Brüggemann-Klein and 
Wood [4], if there is a deterministic Glushkov automaton for the language. An 
alternative definition of one-unambiguity based on regular expressions is that 
each position in a regular expression has at most one following position for 
each symbol in the expression's alphabet. The latter definition is used to define 
unambiguous content model groups in the Standard Generalized Markup Lan- 
guage (SGML) [13], which are a variant of regular expressions. Indeed, it was 
the SGML standard that motivated Brüggemann-Klein and Wood's investiga- 
tion of one-unambiguity. In contrast to the results of Book and his coworkers [3] 
on ambiguity of regular expressions, there are regular languages that are not 
one-unambiguous [4]. It is clear, from the definition of one-unambiguity, that 
when a regular expression is one-unambiguous it is also unambiguous in the 
sense of Book and his colleagues. The difference is that one-unambiguity can 
also be viewed as one-determinism. A lookahead of one symbol when processing 
a string from left to right determines a unique next position in the given regular 
expression; they are, essentially, LL(1) regular expressions [1,4]. 

* The third author's research was supported under a grant from the Research Grants 
Council of Hong Kong SAR. It was partially carried out while the first author was 
visiting HKUST. 

These observations lead to two possible generalizations (at least) of one- 
unambiguous regular expressions. The first is based on a lookahead of at most 
k ≥ 1 symbols to determine the next, at most one, matching position in a reg- 
ular expression. The second is similar except that when we use a lookahead 
of l symbols we must match the next l positions uniquely. The first notion de- 
fines k-unambiguous expressions and the second defines k-block-deterministic 
expressions. We focus on k-block-deterministic expressions in this work. 

Our results have an interesting implication about the regular languages that 
have block-deterministic expressions. When a language L has a k-block-determi- 
nistic expression E, we can construct a deterministic finite-state automaton for L 
that has size linear in the size of E. Are there other "natural" classes of regular 
expressions that have this property? 

In Section 2, we review basic notation and terminology and, in Section 3, we 
introduce blocked expressions, block-marked expressions and block-deterministic 
expressions. In Section 4, we characterize block-deterministic languages in terms 
of block-deterministic automata. 

2 Notation and Terminology 

Let Σ be an alphabet of symbols. A regular expression over Σ is built from λ, 
∅, and symbols in Σ using the binary operators + and · and the unary operator *. 
The language specified by a regular expression E is denoted by L(E) and it is 
referred to as a regular language. 

To indicate different positions of the same symbol in a regular expression, 
we mark symbols with unique subscripts. For example, (a1 + b1)*a2(a3b2)* and 
(a4 + b2)*a1(a3b1)* are both markings of the regular expression (a + b)*a(ab)*. 
A marking of a regular expression E is denoted by E'. If H is a subexpression 
of E, we assume that markings H' and E' are chosen in such a way that H' is a 
subexpression of E'. A marked regular expression E' is a regular expression 
over Π, the alphabet of subscripted symbols, where each subscripted symbol 
occurs at most once in E'. 

The reverse of marking is the dropping of subscripts, indicated by ♮ and 
defined as follows: If E' is a regular expression over Π, then (E')♮ is the regu- 
lar expression over Σ that is obtained by dropping all subscripts in E'. Thus, 
a marked regular expression E' over Π is a marking of regular expression E if 
and only if E'♮ = E. Observe that for each regular expression E over Σ, up to 
an isomorphism on the set of subscripts, set Π is unique and so is the marking 
E'. Unmarking can also be extended to words and languages: For a word w 
over Π, let w♮ denote the word over Σ that is constructed from w by dropping 
all subscripts. For a language L over Π, let L♮ denote {w♮ | w ∈ L}. Then, for 
each marked regular expression E' over Π, L((E')♮) = L(E')♮. 

Book and his associates [3] and Eilenberg [8] define unambiguous regular 
expressions as follows. A regular expression E is unambiguous, if and only if 
for all words x and y over Π, the alphabet of subscripted symbols, condition 
x ≠ y implies x♮ ≠ y♮. A regular language L is unambiguous if it is denoted 
by an unambiguous regular expression. It is known that all regular languages are 
unambiguous. 

Brüggemann-Klein and Wood [4] defined a more restrictive version of un- 
ambiguity motivated by SGML content models [13]. A regular expression E is 
one-unambiguous if and only if, for all words u, v and w over Π and all sym- 
bols x and y in Π, the conditions uxv, uyw ∈ L(E') and x ≠ y imply that 
x♮ ≠ y♮. A regular language is one-unambiguous if it is denoted by some 
one-unambiguous expression. Brüggemann-Klein and Wood proved that not all 
regular languages are one-unambiguous. 

It is well known that regular languages are those recognized by finite-state 
automata. Given a regular expression E over an alphabet Σ, we can construct an 
automaton that recognizes L(E) in many different ways. Many of these automata 
can be reduced to the Glushkov automaton [4,10]. Glushkov first suggested 
this construction in 1960 [11,12]; it was also suggested by McNaughton and 
Yamada [14] independently and at about the same time. The construction, given 
first by Book et al. [3], is based on the first, last and follow sets of positions in 
the marking E' of E. We define the three sets of positions as follows: 

first(E') is the set of all positions that can begin a string in L(E'); 
last(E') is the set of all positions that can end a string in L(E'); 
follow(x, E') is the set of all positions in E' that can follow position x. 

Once we have computed these sets, we can construct the Glushkov automa- 
ton G_E as follows: The states of G_E are Π ∪ {0} where Π is the alphabet of 
subscripted symbols, 0 ∉ Π is the start state, last(E') (or last(E') ∪ {0}, if the 
empty word is in the language) is the set of final states, and the transitions in 
(Π ∪ {0}) × Σ × Π are 

{(x, a, a_j) : a_j♮ = a, a_j ∈ follow(x, E') or x = 0 and a_j ∈ first(E')}. 

Caron and Ziadi [5] recently characterized Glushkov automata. Observe that, 
as a consequence of Caron and Ziadi's result, given a finite-state automaton we 
can establish whether it is a Glushkov one or not, without any knowledge of E, 
its generating regular expression. Moreover, E can be computed from G_E. 
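As an added example (not code from the paper), the first/last/follow computation and the Glushkov automaton G_E defined above, together with the determinism test that is exactly the one-unambiguity condition; the nested-tuple encoding of marked expressions is our own, and the expressions are the paper's running example (a + b)*a(ab)* and a*b.

```python
# Added example: Glushkov automaton from the first/last/follow sets of a marked expression.
# Encoding (ours, not the paper's): a marked expression E' is a nested tuple
#   ('pos', 'a1') | ('eps',) | ('empty',) | ('alt', E1, E2) | ('cat', E1, E2) | ('star', E)
# where a position is a symbol followed by its subscript, e.g. 'a1'.

def unmark(p):
    """p♮: drop the subscript of a position ('a1' -> 'a')."""
    return p.rstrip('0123456789')

def analyse(e, follow):
    """Return (nullable, first, last) of e and fill follow[x] for every position x."""
    kind = e[0]
    if kind == 'empty':
        return False, set(), set()
    if kind == 'eps':
        return True, set(), set()
    if kind == 'pos':
        follow.setdefault(e[1], set())
        return False, {e[1]}, {e[1]}
    if kind == 'star':
        nullable, first, last = analyse(e[1], follow)
        for x in last:                      # a last position may be followed by a first one
            follow[x] |= first
        return True, first, last
    n1, f1, l1 = analyse(e[1], follow)
    n2, f2, l2 = analyse(e[2], follow)
    if kind == 'alt':
        return n1 or n2, f1 | f2, l1 | l2
    for x in l1:                            # 'cat': last of E1 is followed by first of E2
        follow[x] |= f2
    return n1 and n2, f1 | (f2 if n1 else set()), l2 | (l1 if n2 else set())

def glushkov(e):
    """G_E = (states, start, finals, transitions) with states Π ∪ {0}, start 0, and
    transitions {(x, a, a_j) : a_j♮ = a, a_j ∈ follow(x) or x = 0 and a_j ∈ first}."""
    follow = {}
    nullable, first, last = analyse(e, follow)
    start = 0
    states = {start} | set(follow)
    finals = set(last) | ({start} if nullable else set())
    trans = {(start, unmark(p), p) for p in first}
    trans |= {(x, unmark(p), p) for x in follow for p in follow[x]}
    return states, start, finals, trans

def is_deterministic(aut):
    """No state has two outgoing transitions on the same symbol: this is exactly
    the one-unambiguity condition on the marked expression."""
    _, _, _, trans = aut
    seen = set()
    for q, a, _ in trans:
        if (q, a) in seen:
            return False
        seen.add((q, a))
    return True

def accepts(aut, w):
    """Subset simulation of the (possibly nondeterministic) Glushkov automaton."""
    _, start, finals, trans = aut
    current = {start}
    for a in w:
        current = {r for q, b, r in trans if q in current and b == a}
    return bool(current & finals)

# The paper's running example (a + b)* a (ab)* with marking (a1 + b1)* a2 (a3 b2)*.
E_MARKED = ('cat',
            ('cat', ('star', ('alt', ('pos', 'a1'), ('pos', 'b1'))), ('pos', 'a2')),
            ('star', ('cat', ('pos', 'a3'), ('pos', 'b2'))))
# A one-unambiguous expression for comparison: a* b marked as a1* b1.
E_DET = ('cat', ('star', ('pos', 'a1')), ('pos', 'b1'))

if __name__ == '__main__':
    for name, e in (('(a+b)*a(ab)*', E_MARKED), ('a*b', E_DET)):
        aut = glushkov(e)
        print(name, 'deterministic:', is_deterministic(aut), sorted(aut[3], key=str))
```

For (a1 + b1)*a2(a3b2)* the start state has two a-transitions (to a1 and to a2), so the marking is not one-unambiguous, while a1*b1 yields a deterministic automaton.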

Finite-state automata admit a generalization in terms of block automata, 
that also describe all and only regular languages. Block automata¹ were intro- 
duced by Eilenberg [8]. They allow the transition labels to be nonempty strings 
or blocks over the input alphabet rather than just symbols. Formally, a block 
automaton A is specified by a tuple (Q, Σ, Γ, δ, s, F), where Q is a finite set 
of states, Σ is an input alphabet, Γ is a finite subset of Σ+ called the block 
alphabet, δ ⊆ Q × Γ × Q is a transition relation, s ∈ Q is a start state and 
F ⊆ Q is a set of final states. If the maximum block length in Γ is k, then we 
refer to A as a k-block automaton. 

¹ Block automata are called generalized automata by Eilenberg [8]. 

From this viewpoint, a standard finite-state automaton (where all transitions 
are single-symbol labelled) is a one-block automaton. From now on, we will refer 
to standard finite-state automata as one-block automata. 

As with one-block automata, a string w has an accepting computation 
in a block automaton A if there is a path from the start state to some final 
state that spells the string w. The collection of all strings that have an accepting 
computation in a block automaton A is called the language of A and it is 
denoted by L{A). 

A block automaton is nondeterministic, and therefore ambiguous, if the 
same string has more than one accepting computation. As we know, in one- 
block automata this condition implies there is at least a state that has two 
outgoing transitions with the same label. For k-block automata the implication 
is generally weaker: Nondeterminism occurs in a k-block automaton when there 
is at least a state that has two outgoing transitions whose labels are one prefix of 
the other. As a consequence, the condition of determinism in a block automaton 
corresponds to the set of all labels in transitions from a given state being prefix 
free. Formally, let A = (Q, Σ, Γ, δ, s, F) be a block automaton and, for each 
q ∈ Q, let block(q) ⊆ Γ be the set of labels in the transitions out of q. A is a 
deterministic block automaton if, for each q ∈ Q, block(q) is prefix-free. 

Deterministic block automata were introduced by Giammarresi and Montal- 
bano [9] when they investigated the minimization of block automata. We will use 
deterministic block automata to define block-deterministic regular languages. 

Observe that block automata can be regarded as one-block automata 
when we treat the blocks in the transitions as single symbols, as we do when- 
ever we refer to the elements of a block alphabet. With this assumption, we 
can apply the usual automata transformations, such as state minimization and 
determinization, to block automata. Given a block automaton A, we denote its 
deterministic and minimal deterministic automata by D(A) and M(A), respec- 
tively, when considering its blocks as single symbols. 

We now describe two transformations that are essentially mutual inverses of 
each other: state elimination and block elimination. The first one eliminates 
states from a block automaton creating transitions with longer block labels than 
the original ones; the second transformation eliminates block-labelled transitions 
creating states whose transitions have single-symbol labels. 

Let A be a block automaton and q be a state of A such that q is not the start state, it is not a final state and it has no self-loops. We define the state elimination of q in A as follows: We first remove state q and all transitions into and out of q from A. Second, for every pair (r, u, q) and (q, v, s) of transitions that were in A, we add a new transition (r, uv, s) to A. We denote the resulting automaton by S(A, q). It is easy to verify that S(A, q) is indeed a block automaton equivalent to A. We can also extend state elimination to a set S ⊆ Q of states. Giammarresi and Montalbano [9] prove that if S contains neither the start state nor any final state, and the subgraph induced by S is acyclic, then we can construct a unique block automaton S(A, S) by eliminating the states in S in any order. In this case we say that the set S ⊆ Q of states satisfies the state-elimination precondition for A. Notice that when S satisfies the above precondition and A is a k-block automaton, the length of blocks in S(A, S) can increase to at most |S|k. Finally, if we apply state elimination to any state of a deterministic finite-state automaton that satisfies the precondition, then we obtain a deterministic block automaton.

Let A be a block automaton and $e = (p, a_1 a_2 \cdots a_k, q)$ be a transition in A, where $k \ge 2$. We define the block elimination of e in A as follows: We first remove the transition e from A. Second, we introduce new states $p_1, \ldots, p_{k-1}$ and new transitions $(p, a_1, p_1), (p_1, a_2, p_2), \ldots, (p_{k-1}, a_k, q)$. We denote the resulting block automaton by B(A, e). It is easy to verify that B(A, e) is indeed a block automaton equivalent to A. Clearly, given a block automaton A, it can be transformed into a one-block automaton by applying B(A, B), where B denotes the set of all block-labelled transitions in A. Observe that, when A is a deterministic block automaton, the resulting one-block automaton need not be deterministic.

3 Block-Deterministic Regular Expressions 

We define block-marked regular expressions, and block-deterministic regular ex- 
pressions and languages. Then, we characterize block-deterministic regular lan- 
guages as those languages defined by deterministic block automata. 

Let E be a regular expression over an alphabet Σ. We define a block of E to be a subexpression of E containing only concatenation operations. For example, given the expression

$$E = (a \cdot a)^* \cdot (a \cdot b \cdot b + b \cdot a) \cdot b^*,$$

then a, aa, ab, abb, b, ba and bb are all possible blocks in E, whereas aab and bbb are not blocks of E although they are factors of words in L(E). We can partition the dotted subexpressions in a regular expression E into disjoint blocks. We can partition the running-example expression in more than two ways; for example, we obtain six blocks with the partition

$$([a][a])^*([ab][b] + [ba])([b])^*,$$

where we use square brackets [ and ] to enclose blocks. There is the minimum partition of a regular expression that treats each maximal dotted subexpression as a block; for example,

$$([aa])^*([abb] + [ba])([b])^*$$

has four blocks. There is also the maximum partition that treats each single symbol as a block; for example,

$$([a][a])^*([a][b][b] + [b][a])([b])^*$$

has eight blocks. An expression that is partitioned into blocks is called a blocked expression.
We define a block marking of an expression using a blocked version of the expression. A block marking of an expression E is obtained by partitioning E into blocks and uniquely marking each block with an integer subscript. When we wish to identify the maximum length, k, of the blocks in a block marking, we call it a k-block marking. We denote a block-marked version of an expression E by E'. We denote by block(E') the set of all marked blocks of E'. Thus, a block-marked regular expression E' is a marked regular expression over the alphabet Γ = block(E'). For example, one block marking for the running example E is

$$E' = ([a]_1[a]_2)^*([ab]_3[b]_4 + [ba]_5)([b]_6)^*,$$

in which case $\mathrm{block}(E') = \{[a]_1, [a]_2, [ab]_3, [b]_4, [ba]_5, [b]_6\}$.

The block unmarking of a block-marked expression removes all subscripts and the square brackets. If E' is a block-marked expression, then $(E')^\natural$ is the corresponding unmarked and unblocked expression.

Block marking and unmarking of regular expressions can be extended in an 
obvious way to block marking and unmarking of words and languages. Notice 
that block marking generalizes the notion of marked expressions [11,14,2,4] that 
corresponds to one-block marking. 

Now, given a block-marked regular expression E', we can extend to E' the functions first, last and follow introduced by Glushkov, McNaughton and Yamada [11,14]. In this case, first(E'), last(E') and follow(x, E') are subsets of block(E') = Γ. Using these sets, we give a formal definition of block-deterministic regular expressions.

A block marking E' of E is a deterministic block marking if the following two conditions hold:

1. For all x, y ∈ first(E'), x ≠ y implies that $x^\natural$ and $y^\natural$ are not one a prefix of the other.

2. For all z ∈ block(E') and for all x, y ∈ follow(z, E'), x ≠ y implies that $x^\natural$ is not a prefix of $y^\natural$.

A regular expression E is block-deterministic if there exists a deterministic block marking E' of E.

If we restrict the block length to one, then one-block-deterministic expressions coincide with one-unambiguous expressions as defined by Brüggemann-Klein and Wood [4]. In general, a deterministic block marking for a given block-deterministic regular expression E is not unique. This observation holds even when the maximal length k of the blocks is specified. As an example, consider the running example expression E = (aa)*(abb + ba)(b)*. There are two different deterministic two-block markings for E:

$$E'_1 = ([aa]_1)^*([ab]_2[b]_3 + [b]_4[a]_5)([b]_6)^*,$$

$$E'_2 = ([aa]_1)^*([ab]_2[b]_3 + [ba]_4)([b]_5)^*.$$

From now on, we will refer to Γ when the set of blocks is treated as atomic symbols, and to block(E') when the set of blocks is treated as strings.
Given a block-marked expression E' of E, the Glushkov automaton for E', denoted by $G_\Gamma(E')$, is defined in the classical way considering as alphabet the block set block(E'), and it is called the Glushkov block automaton. Observe that the Glushkov block automaton for a given regular expression E depends on the block marking of E. We use Glushkov block automata to characterize block-deterministic regular expressions. This characterization generalizes the one of Brüggemann-Klein and Wood [4] to the case of k-block markings for k > 1.

Lemma 1. A k-block marking E' is deterministic if and only if the corresponding Glushkov block automaton $G_\Gamma(E')$ is deterministic.

Proof. From the definition of deterministic block marking, and from the construction of the Glushkov automaton, it follows that for each state q in $G_\Gamma(E')$, block(q) is a prefix-free set, that is, $G_\Gamma(E')$ is a deterministic block automaton.

Since by definition E is block deterministic iff there exists a deterministic block-marked expression E' such that $(E')^\natural = E$, we get the following

Corollary 1. A regular expression E is block deterministic if and only if it 
admits a deterministic Glushkov block automaton. 

If we want to emphasize the maximal length k of the blocks, we write k-block 
deterministic. 

We now consider the problem of deciding whether a given regular expression E is block-deterministic. Corollary 1 suggests one simple method: guess a k ≥ 1 and a k-block marking E', and then construct the corresponding Glushkov k-block automaton $G_\Gamma(E')$. If $G_\Gamma(E')$ is deterministic, then E is k-block-deterministic.

Note that, for the case k = 1, the problem is easy to solve since there is a unique one-block marking and the corresponding Glushkov block automaton is the Glushkov one-block automaton $G_E$. In this case, if $G_E$ is deterministic, then E is one-block deterministic. We now consider the case when $G_E$ is not deterministic and describe a procedure to determine whether there is a deterministic k-block marking for E, for some k ≥ 2. More precisely, such a k-block marking will be one with the minimum k.

Lemma 2. If a regular expression E is k-block-deterministic, then its corresponding Glushkov one-block automaton $G_E$ can be transformed into a deterministic k-block automaton by a sequence of state eliminations.

Proof. Let E' be a deterministic k-block marking for E and let $G_\Gamma(E')$ be the corresponding Glushkov deterministic block automaton. We will prove that $G_\Gamma(E')$ is the requested automaton of the statement.

By applying a sequence of block eliminations to all appropriate transitions in $G_\Gamma(E')$, we transform $G_\Gamma(E')$ into a one-block automaton $B(A, B) = G'$ (see Section 2 for the definition). Observe that any breaking of a block-labelled transition into a sequence of symbol-labelled transitions corresponds to the block unmarking of one block of E', and to a new subscripting of each of its symbols, since all the states introduced by block eliminations correspond to the positions of the symbols in the blocks of E' that are not the last symbols of the blocks. Then, it follows that $G' = G_E$. By applying state eliminations of all the new states of $G' = G_E$ we obtain $G_\Gamma(E')$.

As a consequence of Lemma 2, the Glushkov automaton $G_E$ of a k-block-deterministic expression E can be determinized (as a block automaton) without using the subset construction: all the states that are responsible for its nondeterminism can be eliminated by a finite sequence of state eliminations to give a deterministic k-block automaton. Moreover, we obtain a Glushkov deterministic k-block automaton.

We now show how to get a Glushkov deterministic k-block automaton equivalent to $G_E$, if it exists, starting from $G_E$ itself. First, we identify the set of states of $G_E$ to be eliminated.

Let A be a (block) automaton and let $q_1$ and $q_2$ be two different states of A. Then, $q_1$ and $q_2$ are duplicates if the following condition holds:

$$\exists\, p \in Q \text{ and } x \in \Sigma^* : (p, x, q_1) \text{ and } (p, x, q_2) \text{ are paths in } A.$$

Recall that, given an automaton A, if we apply the subset construction to A we get a deterministic automaton D(A) whose states are subsets of the original set of states of A. We refer to a state of D(A) as either a multiple state or a single state according to the cardinality of such a set. A state q of A is possibly included in several states, single and multiple, of D(A).

Observe that the duplicate states of a given automaton A are those that are in multiple states in D(A). Therefore, an automaton is deterministic if and only if it does not have any duplicate states.

Lemma 3. Let E be a regular expression and let $G_E$ be a corresponding Glushkov automaton. Let $Q_{dup}$ be the set of all duplicate states of $G_E$. If $Q_{dup}$ satisfies the state-elimination precondition and $S(G_E, Q_{dup})$ is a Glushkov block automaton, then E is block deterministic.

Proof. By hypothesis $Q_{dup}$ satisfies the state-elimination precondition (see Section 2) and $G_\Gamma = S(G_E, Q_{dup})$ is a Glushkov block automaton. Let E' be the block-marked regular expression obtained from $G_\Gamma$ (the characterization of Caron and Ziadi shows how to obtain it). Note that E' is a block marking of E (in fact, the state eliminations in $G_E$ correspond to combining some one-blocks in the standard marking of E), so that proving the block-determinism of E reduces to proving that $G_\Gamma$ is deterministic.

Let $D(G_E)$ be the deterministic automaton obtained by applying the subset construction to $G_E$, and let Q' denote the set of states in $D(G_E)$ that are images (under determinization) of all states in $Q_{dup}$. We claim that Q' satisfies the state-elimination precondition for $D(G_E)$ and that $S(D(G_E), Q') = G_\Gamma$. As a consequence, since the transformation S preserves determinism, $G_\Gamma$ is a deterministic block automaton.
Lemmas 2 and 3 suggest the following theorem.

Theorem 1. Let E be a regular expression and let $G_E$ be a corresponding Glushkov automaton. Then, E is k-block deterministic, for some k ≥ 2, if and only if $G_E$ can be transformed into a k-deterministic Glushkov automaton by eliminating all of its duplicate states. Moreover, this Glushkov automaton defines a deterministic k-block marking of E.

In the sequel, if E is a k-block-deterministic regular expression, we denote by $G_E^k$ the deterministic Glushkov k-block automaton obtained by applying state elimination to all duplicate states in $G_E$. Moreover, we will refer to the block marking induced by $G_E^k$ as the standard block marking of E.

From Lemma 3, we obtain the following algorithm to determine whether a given regular expression E is block deterministic. First compute the Glushkov automaton $G_E$ and identify the set $Q_{dup}$ of its duplicate states. If $Q_{dup}$ satisfies the state-elimination precondition (it does not contain the start state or a final state and it induces an acyclic subgraph), then compute $G_\Gamma = S(G_E, Q_{dup})$. Second, determine whether $G_\Gamma$ is a Glushkov automaton for the block alphabet Γ using, for example, the characterization of Caron and Ziadi [5]. If it is, then $G_\Gamma = G_E^k$ defines a deterministic block marking of E.

Consider the running example expression E and its Glushkov automaton in Fig. 1(a). It contains two duplicate states, that is, the states in $Q_{dup} = \{1, 3\}$, which satisfy the state-elimination precondition. By eliminating these states we obtain $G_\Gamma(E')$, which is a deterministic Glushkov automaton for the alphabet {a, aa, ab, b}.

We conclude this section by mentioning that the application of the subset construction to the Glushkov automaton $G_E$ of a block-deterministic regular expression E does not increase the size of the automaton ([6,7]) whereas, in the worst case, the subset construction produces an exponential blow-up. Indeed, from the proof of Lemma 3 we infer that the number of states of $D(G_E)$ is at most the number of states of $G_E$, since the set of duplicate states does not induce cycles.
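The algorithm just described, run on the running example, as an added example that is not the paper's code: the script encodes $G_E$ by hand from the positions of (a1 a2)*(a3 b4 b5 + b6 a7)(b8)*, finds $Q_{dup}$ through the subset construction, checks the state-elimination precondition, performs the state eliminations of Section 2 and tests that block(q) is prefix-free at every state. The Caron and Ziadi characterization needed for the second step is not implemented; only the necessary condition that no transition enters the start state and all transitions into a state carry the same label is checked.

```python
from collections import deque

# Constructed input, not code from the paper: the Glushkov automaton G_E of the running
# example E = (aa)*(abb + ba)b*, positions numbered as in (a1 a2)*(a3 b4 b5 + b6 a7)(b8)*.
START = "s"
FINAL = {5, 7, 8}
G_E = [  # transitions (source, label, target)
    (START, "a", 1), (START, "a", 3), (START, "b", 6),
    (1, "a", 2),
    (2, "a", 1), (2, "a", 3), (2, "b", 6),
    (3, "b", 4), (4, "b", 5), (5, "b", 8),
    (6, "a", 7), (7, "b", 8), (8, "b", 8),
]

def subset_construction(trans, start):
    """Reachable states of D(A), each label being treated as one symbol."""
    seen = {frozenset([start])}
    todo = deque(seen)
    while todo:
        cur = todo.popleft()
        by_label = {}
        for p, x, q in trans:
            if p in cur:
                by_label.setdefault(x, set()).add(q)
        for targets in by_label.values():
            nxt = frozenset(targets)
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def duplicate_states(trans, start):
    """Q_dup: the states of A that lie in some multiple state of D(A)."""
    return {q for sub in subset_construction(trans, start) if len(sub) > 1 for q in sub}

def satisfies_precondition(trans, start, final, S):
    """No start or final state in S, and the subgraph induced by S is acyclic."""
    if start in S or S & final:
        return False
    succ = {q: set() for q in S}
    indeg = {q: 0 for q in S}
    for p, _, q in trans:
        if p in S and q in S:  # a self-loop counts as a cycle too
            succ[p].add(q)
            indeg[q] += 1
    ready = [q for q in S if indeg[q] == 0]
    removed = 0
    while ready:  # Kahn's algorithm: acyclic iff every state of S gets removed
        p = ready.pop()
        removed += 1
        for q in succ[p]:
            indeg[q] -= 1
            if indeg[q] == 0:
                ready.append(q)
    return removed == len(S)

def eliminate_state(trans, q):
    """S(A, q): drop q and splice every (r, u, q), (q, v, t) into (r, uv, t)."""
    into = [(r, u) for r, u, t in trans if t == q]
    out = [(v, t) for p, v, t in trans if p == q]
    kept = [e for e in trans if e[0] != q and e[2] != q]
    for r, u in into:
        for v, t in out:
            if (r, u + v, t) not in kept:
                kept.append((r, u + v, t))
    return kept

def eliminate_states(trans, S):
    """S(A, S): under the precondition the elimination order does not matter."""
    for q in sorted(S, key=str):
        trans = eliminate_state(trans, q)
    return trans

def is_deterministic_block_automaton(trans):
    """Determinism of a block automaton: block(q) is prefix-free for every q."""
    for q in {p for p, _, _ in trans}:
        labels = [x for p, x, _ in trans if p == q]
        for i, x in enumerate(labels):
            if any(x.startswith(y) or y.startswith(x) for y in labels[i + 1:]):
                return False
    return True

def incoming_labels_homogeneous(trans, start):
    """Necessary (not sufficient) condition for a Glushkov automaton: nothing enters
    the start state and all transitions into a given state carry the same label."""
    incoming = {}
    for _, x, q in trans:
        if q == start:
            return False
        incoming.setdefault(q, set()).add(x)
    return all(len(labels) == 1 for labels in incoming.values())

def block_determinize(trans, start, final):
    """Lemma 3 procedure; returns (block automaton or None, Q_dup)."""
    qdup = duplicate_states(trans, start)
    if qdup and not satisfies_precondition(trans, start, final, qdup):
        return None, qdup
    return eliminate_states(trans, qdup), qdup
```

For the running example the result has block alphabet {a, aa, ab, b} and D(G_E) has 8 states against the 9 of G_E, as stated above.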

4 Block-Deterministic Regular Languages 

A regular language L is block deterministic if there is a block-deterministic 
regular expression E such that L = L{E). We now demonstrate that there are 
regular languages that are not block deterministic. 

We first consider the problem of deciding whether a given regular language is block deterministic. The basic idea is to use the characterization established by Brüggemann-Klein and Wood [4] for unambiguous regular languages (one-block-deterministic regular languages in our terminology). Now, a regular expression is one-unambiguous if and only if its Glushkov automaton is deterministic. Brüggemann-Klein and Wood show that if a Glushkov automaton is deterministic, then it has some properties that are preserved under minimization. Therefore, such properties can be checked on the minimal finite-state automaton M for the given language. Moreover, if these properties hold for some minimal automaton,
Fig. 1. Two Glushkov automata for the running example expression E. a. The Glushkov automaton $G_E$ for E. b. The deterministic Glushkov block automaton $G_\Gamma(E')$ for a two-block marking of E obtained by state elimination in $G_E$.



they prove that the corresponding regular language is one-unambiguous. Thus, they are able to give an algorithm that determines whether a given language is one-block deterministic and, if it is, they are able to construct a one-block-deterministic expression for it. We refer to this characterization as the BW test for one-block-deterministic languages. Suppose we want to test whether a given language L ⊆ Σ* is k-block deterministic for some fixed k. Let M be the minimal automaton for L. We apply state elimination to M to get a k-block automaton $N_k$. Let N be the same automaton as $N_k$, considered as a minimal automaton on its block alphabet Γ. We can then apply the BW test to N. If L, considered to be over Γ, is one-block-deterministic, then there is a deterministic Glushkov automaton on Γ that reduces to N under minimization. Such a Glushkov automaton gives a k-block-deterministic regular expression together with a deterministic k-block marking for the original L (L ⊆ Σ*).

On the other hand, if we consider all possible k-block automata that we can get from M by state elimination and none of them pass the BW test (when considered on the corresponding block alphabet), then we can conclude that L is not k-block deterministic for any k. This procedure always terminates: given an automaton A, the number of all possible block automata obtained from A by state elimination is finite.

Notice that the preceding algorithm works only under the assumption that, given a block alphabet Γ, the minimal automaton N for L, when considered to be over Γ, can be obtained by applying state elimination to the minimal finite-state automaton M (the minimal automaton for L when considered to be over Σ). We show that this assumption is valid. If q is a state of a given automaton A, we let $L_q$ denote the language recognized by A using q as the start state. The proof of the following result will be given in the full version.

Lemma 4. Let L be a block-deterministic regular language. Then, there is a block-deterministic regular expression E for L with the property that if p and q are two states of $D(G_E)$, then $L_p = L_q$ implies that either p and q are sets of duplicate states of $G_E$ or p and q are (single) non-duplicate states of $G_E$.

Given a k-deterministic regular expression E, we let $G_E$ and $G_E^k$ be its corresponding Glushkov and k-block Glushkov automata, respectively. We consider the following two automata

$$M = \mathcal{M}(D(G_E)) \quad\text{and}\quad M_k = \mathcal{M}(G_E^k) = \mathcal{M}(S(G_E, Q_{dup})),$$

where M is obtained from $G_E$ by applying first the subset construction and then minimization, whereas $M_k$ is obtained from $G_E^k$ by applying minimization. (Equivalently, $M_k$ is obtained from $G_E$ by first applying state elimination of all duplicate states and then applying minimization.)

Lemma 5. Let L be a k-deterministic language. Then, there is a block-deterministic regular expression E for L such that M can be transformed into $M_k$ by state elimination.

Proof. Let $Q_M$ and $Q_{M_k}$ be the sets of states of the automata M and $M_k$, respectively. By Lemma 4, $Q_{M_k}$ is a proper subset of $Q_M$ (or, more precisely, $Q_M$ contains an isomorphic copy of $Q_{M_k}$). Moreover, all the states in $Q_M \setminus Q_{M_k}$ are classes of duplicate states of $G_E$ and their corresponding transitions define an acyclic subgraph of M (the set of all such states satisfies the state-elimination precondition).

Let us consider once again the running example expression E; that is, consider the language L = L(E) on the alphabet Σ = {a, b}. The minimal finite-state automaton M for L in Fig. 2(a) is obtained by determinizing $G_E$ of Fig. 1(a) and then minimizing it. When we apply the BW test to M, we see that L is not one-block deterministic. We then eliminate state (1,3) from M and obtain the automaton $N_k$ of Fig. 2(b).

$N_k$, considered as an automaton on the block alphabet Γ = {a, b, aa, ab}, can be obtained by minimizing the deterministic Glushkov block automaton of Fig. 1(b), where states s and 2 are equivalent, and states 5, 7 and 8 are equivalent. These
Fig. 2. A minimal finite-state automaton and state elimination. a. The minimal finite-state automaton M for the running example expression E. b. The result of eliminating state (1,3) in M, $N_k = S(M, \{1, 3\})$.



observations imply that L is a one-block-deterministic language on Γ and a two-block-deterministic language on Σ.

Using the same approach, we can exhibit languages that are not k-block deterministic for any k; therefore, they are not block deterministic. One example language is $L = (a + b)^*(a(a + b)^{\,?})$, where the exponent is illegible in the scan. Brüggemann-Klein and Wood [4] prove that L is not one-block deterministic. Moreover, we can verify that it does not pass the BW test after the state elimination of all states that satisfy the state-elimination precondition.
Abstract. The Schützenberger Conjecture claims that any finite maximal code C is factorizing, i.e. SC*P = A* in a non-ambiguous way, for some S, P. Let us suppose that the Schützenberger Conjecture holds. Two problems arise: the construction of all (S, P) and the construction of C starting from (S, P). Regarding the first problem we consider two families of possible languages S: S prefix-closed and S s.t. S \ {1} is a code. For the second problem we present a method of constructing C from (S, P) that relies on the construction of right- and left-factors of a language. Results are based on a combinatorial characterization of right- and left-factorizing languages.



1 Introduction 

The theory of codes takes its origin in information theory, devised by Shannon in the 1950s. The codes were considered as communication tools. Then, in the 1960s, M. P. Schützenberger pointed out the close relations between the theory of codes and classical algebra (free monoids, groups, and so on). M. P. Schützenberger and his school investigated codes inside the theory of formal languages, using an algebraic, analytical or combinatorial approach. The aim is to give a structural description of the codes in a way that allows their construction. Remark that indeed no systematic method is known even for constructing all finite codes. Algorithms exist for some sub-classes: prefix codes, suffix codes, biprefix codes and n-codes, with n < 3 (see [17] and references therein). Further, starting from a factorizing code C one can construct an infinite family of factorizing codes C', applying composition ([6]) or substitution, introduced in [4,5]. Another way of constructing factorizing codes starting from a related class is given in [19].

Regarding the problem of constructing codes, there is the famous conjecture due to Schützenberger ([29,6]) that characterizes finite maximal codes as factorizing codes. A finite code C ⊆ A* is factorizing if there exist languages S, P s.t. SC*P = A*, by non-ambiguous operations; the couple (S, P) is called a factorization of C. Remark that non-ambiguity of operations on languages can be expressed, in an elegant and concise way, by introducing formal

* This work was partially supported by 60% Project: "Linguaggi formali e modelli di calcolo"
power series, and characteristic series in particular. A finite code is factorizing if there exist S, P s.t. $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$. The Schützenberger Factorization Conjecture has been open for more than 30 years. Despite a lot of researchers having worked on it ([10,11,15,16,18,19,20,26,27]), only partial results exist ([17,27,30]). Remark that if a finite code is factorizing then it can have several factorizations, as is the case of biprefix codes for example, or a unique factorization ([9]). On the other hand, by means of the substitution operation, if S appears in some equation $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$ then an infinite family of couples (C', P') can be constructed s.t. $\underline{S}\,\underline{C'}^*\,\underline{P'} = \underline{A^*}$ ([4,5]).

In this paper we study the construction of (finite maximal) codes, assuming that the Schützenberger Factorization Conjecture holds. Indeed two problems arise:

1. the characterization/construction of all the couples (S, P) that can be a factorization of some finite code;

2. the construction of a finite code C starting from its factorization (S, P).

Problem 1 was first singled out in [15], where it is pointed out that the couple (S, P) can be a factorization of a finite code iff $\underline{P}(\underline{A} - 1)\underline{S} + 1 \ge 0$. We survey all the triplets (S, C, P) we know to be related by $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$. Then we consider two more possible families of languages S: S prefix-closed and S s.t. S \ {1} is a code and |S| ≤ 4. We establish conditions under which they can appear in a factorization $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$ (Corollary 2 and Proposition 2).

Considering Problem 2, we propose and compare two possible ways of constructing a finite factorizing code C, once its factorization (S, P) is given. The first method uses the definition and turns out to be less efficient than the second one. The second method is based on a result (Proposition 3) that allows us to express C in terms of the right-factor of S and the left-factor of P (see Section 4 for the definitions). It is more efficient than the first method, provided that an efficient construction of right-factors and left-factors of finite languages is available. We propose a new construction of right-factors and left-factors of a finite language that is more efficient than the one already given in [1]. Remark that this construction, as well as Proposition 2, is based on a combinatorial characterization of the right- (left-, resp.) factor of a language (Theorem 1), involving the factorizations of a word and an alternating property.

The paper starts with a section devoted to some background. Section 3 contains a survey on all the triplets (S, C, P) we know to be related by $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$. Section 4 contains our characterization of right- (left-, resp.) factorizing languages. Section 5 contains our contributions to the problem stated in item 1. In Section 6 we consider two methods for constructing C, once its factorization (S, P) is given. Some conclusions are given in the last section.



2 Background and Notations 

For definitions about formal languages and automata, see for example [23]. We note here that, given a finite alphabet A, ⟨A*, ·, 1⟩ denotes the free monoid generated by A and a language is any S ⊆ A*. We will denote by [symbol illegible in the scan] the set {w ∈ A* : |w| < n}, and by $x^{-1}w$ the word y s.t. w = xy, if any. Moreover the reverse of a word $w = a_1 \cdots a_n$ is $\tilde{w} = a_n \cdots a_1$ and the reverse of a language S is $\tilde{S} = \{\tilde{w} \mid w \in S\}$. A word x ∈ A* is a prefix of w ∈ A*, and we write x ≤ w, if w = xy with y ∈ A*; it is a proper prefix if x ≠ w, and we write x < w. Pref(S) (Suff(S), Fact(S), resp.) denotes the set of proper prefixes (suffixes, factors, resp.) of words in S. S is prefix- (suffix-, factor-, resp.) closed if Pref(S) ⊆ S (Suff(S) ⊆ S, Fact(S) ⊆ S, resp.). The union X ∪ Y is non-ambiguous when X ∩ Y = ∅; the product XY is non-ambiguous when w = xy = x'y' with x, x' ∈ X, y, y' ∈ Y implies x = x' and y = y'; and the star X* is non-ambiguous when all unions and products in its definition are non-ambiguous. For the sake of simplicity, we will sometimes write 1 instead of {1}.

We now recall some notations about formal power series; for more details see [7,25,28]. Given a finite alphabet A and a semiring K, the class $K\langle\langle A \rangle\rangle$ of formal power series (briefly, series) with non-commuting variables in A and coefficients in K is the set of functions s : A* → K. As usual, the value of s on w ∈ A* is denoted by (s, w) and the power series is written as a formal sum $s = \sum_{w \in A^*} (s, w)\, w$. The image of the series s is the set Im(s) = {(s, w) | w ∈ A*}. The support of s is the set supp(s) = {w ∈ A* | (s, w) ≠ 0}. The characteristic series of a language X ⊆ A*, denoted $\underline{X}$, is defined by $(\underline{X}, w) = 1$ if w ∈ X and $(\underline{X}, w) = 0$ if w ∉ X. By this formalism, we have that X ∪ Y is non-ambiguous iff $\underline{X \cup Y} = \underline{X} + \underline{Y}$; XY is non-ambiguous iff $\underline{XY} = \underline{X} \cdot \underline{Y}$; X* is non-ambiguous iff $\underline{X^*} = (\underline{X})^*$.

3 Factorizing Codes and Their Factorizations 

In this section we consider factorizing codes and present the Schützenberger Factorization Conjecture. Then we survey some results related to it, with the aim of Problem 1 in Section 1. Our main reference for codes is [6]. See also [11,12] for some open problems in the field.

A subset C of A* is a code if for any $c_1, \ldots, c_h, c'_1, \ldots, c'_k \in C$, the equality $c_1 \cdots c_h = c'_1 \cdots c'_k$ implies h = k and, for every i ∈ {1, ..., h}, $c_i = c'_i$. In the terminology of series, C is a code iff $\underline{C^*} = (\underline{C})^*$. A prefix (suffix, resp.) code is a language such that no word is a prefix (suffix, resp.) of another one in the language. A code C is maximal over A if for any code C' over A, C ⊆ C' implies that C = C'.

A finite code C is factorizing (over A) if there exist two finite subsets S, P of A* such that $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$. The couple (S, P) is called a factorization of C. A finite language S ⊆ A* such that $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$ for finite languages C, P ⊆ A* is called a polynomial having solutions in [15] and strong factorizing in [3]. The first terminology is motivated by the remark that there exists C s.t. $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$ iff $\underline{P}(\underline{A} - 1)\underline{S} + 1 \ge 0$. Further we have that if $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$ then S, P are finite iff C is a finite and maximal code ([29,6]).

The most important conjecture in the theory of codes is the Schützenberger Factorization Conjecture ([29,6]). It claims that any finite maximal code is factorizing. In this paper we study the construction of (finite maximal) codes, assuming



200 Marcella Anselmo 



that the Schützenberger Factorization Conjecture holds. A problem that arises is the characterization/construction of couples (S, P) that are factorizations of some code. Let us now survey the results we know about.

First, in [4,5] it is proved that it is decidable whether a finite language S is strong factorizing, and a construction for the related couples (C, P) is given, if any. We will say that a language S is right-context-closed if s = s't with s, s' ∈ S implies t ∈ S. For example, any suffix-closed language is right-context-closed. Any factor-closed language is suffix-closed and hence right-context-closed.

Let us now enumerate some couples (S, P) that appear in some equation $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$. Remark that 8 is a particular case of 5; 9 is a particular case of 11 and 12; and 10 is a particular case of 11.

1. S = 1, C prefix code, P = A* \ CA*

2. S = 1, C maximal prefix code, P = Pref(C) (P is prefix-closed)

3. S = A* \ A*C, C is a suffix code, P = 1

4. S = Suff(C) (S is suffix-closed), C maximal suffix code, P = 1

5. S = 1 ∪ X with X prefix code, P = Pref(X) ([3]) (all possible P's are characterized in [15])

6. S = 1 ∪ X with X suffix code iff X is biprefix ([15])

7. S = 1 ∪ X with X code, |S| ≤ 3 iff X is prefix ([3])

8. S = {1, [illegible in the scan]} (all possible P's are characterized in [15])

9. $S = \{1, a^2\}$, $P = \{1, a, aba^2, aba^3, aba^3 b\}$,

$C = \{a^4, ab, aba^6, aba^2 b, aba^2 b a^2, aba^3 b a, aba^3 b a^3, aba^3 b^2, aba^3 b^2 a^2, b, b a^2\}$

(C is an example of a factorizing code that is neither prefix nor suffix)

10. |S| = 3 and S \ 1 not a code iff $S = \{1, v, v^2\}$, P = Pref({v}) ([3]) (all possible P's are characterized in [21])

11. S ⊆ w* iff S = [illegible in the scan] and (I, J) a Krasner factorization (possible P's are studied in [21])

12. A = {a, b}, S ⊆ a* iff S = [illegible in the scan] and (I, J) a Krasner factorization (all possible P's are characterized in [17])

13. S right-context-closed (suffix-closed, factor-closed), P = Pref(S \ 1) \ (S \ 1)A⁺ (P is prefix-closed) ([15]).
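The triple of item 9 can be recomputed from its factorization, which is the definition-based construction of Problem 2: when 1 ∈ S and 1 ∈ P, the identity $\underline{S}\,\underline{C}^*\,\underline{P} = \underline{A^*}$ rewrites as $\underline{C} = 1 + \underline{P}(\underline{A} - 1)\underline{S}$, so C is read off the coefficients of that polynomial. The Python script below is an added example, not the paper's code: it represents series as word-to-coefficient dictionaries, evaluates the polynomial of the [15] criterion, and then verifies non-ambiguity of S C* P = A* on every word up to length 8; the words of S and P are constructed from item 9.

```python
from itertools import product

# Constructed example, not code from the paper: the couple of item 9,
# S = {1, a^2} and P = {1, a, aba^2, aba^3, aba^3 b}; the empty word 1 is "".
ALPHABET = "ab"
S_WORDS = {"", "aa"}
P_WORDS = {"", "a", "abaa", "abaaa", "abaaab"}

def series(words):
    """Characteristic series of a finite language, as a dict word -> coefficient."""
    return {w: 1 for w in words}

def add(x, y):
    out = dict(x)
    for w, c in y.items():
        out[w] = out.get(w, 0) + c
    return {w: c for w, c in out.items() if c != 0}

def mul(x, y):
    """Cauchy product in Z<<A>>: (xy, w) is the sum of (x, u)(y, v) over w = uv."""
    out = {}
    for u, cu in x.items():
        for v, cv in y.items():
            out[u + v] = out.get(u + v, 0) + cu * cv
    return {w: c for w, c in out.items() if c != 0}

def code_polynomial(S, P, alphabet=ALPHABET):
    """1 + P(A - 1)S: the series C must equal when S C* P = A* and 1 is in S and P."""
    a_minus_1 = add(series(alphabet), {"": -1})
    return add({"": 1}, mul(mul(series(P), a_minus_1), series(S)))

def candidate_code(S, P, alphabet=ALPHABET):
    """The code determined by (S, P), or None when 1 + P(A - 1)S is not a
    characteristic series (in particular when the [15] criterion >= 0 fails)."""
    poly = code_polynomial(S, P, alphabet)
    if any(c not in (0, 1) for c in poly.values()):
        return None
    return set(poly)

def count_factorizations(w, S, C, P):
    """Number of ways to write w = s c_1 ... c_n p with s in S, c_i in C, p in P."""
    n = len(w)
    ways = [0] * (n + 1)  # ways[i]: ways to write w[:i] as s c_1 ... c_m
    for s in S:
        if w.startswith(s):
            ways[len(s)] += 1
    for i in range(n + 1):  # code words are non-empty, so ways[i] is final here
        if ways[i]:
            for c in C:
                if w.startswith(c, i):
                    ways[i + len(c)] += ways[i]
    return sum(ways[n - len(p)] for p in P if w.endswith(p))

def is_unambiguous_factorization(S, P, C, alphabet=ALPHABET, max_len=8):
    """Check S C* P = A* with non-ambiguous operations on every word up to max_len."""
    for length in range(max_len + 1):
        for letters in product(alphabet, repeat=length):
            if count_factorizations("".join(letters), S, C, P) != 1:
                return False
    return True
```

Running candidate_code on the item 9 couple returns the eleven words listed above, and the same routine rejects couples such as S = P = {1, a}, for which the polynomial has a negative coefficient.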

Note that from the above list we can obtain an infinite list using duality, composition, substitution or extension of the alphabet, as follows.

If (S, C, P) are s.t. S C* P = A* then (P^R, C^R, S^R) are s.t. P^R (C^R)* S^R = A*, where X^R denotes the reverse of X (see Remark 1). Therefore if (S, C, P) is a triplet in the above list, then its dual (P^R, C^R, S^R) can also appear in the list. For example the triplet in point 3 is the dual of the one in point 1. The composition is a well-known operation on codes ([6]). It holds that the composition of two factorizing codes is a factorizing code ([8]). Substitution is an operation on languages introduced in [4,5] that allows one to construct, from a factorizing code C with factorization (S, P), an infinite family of factorizing codes C' with factorization (S, P').

Further, as an extension of a remark in [2], we have that if S · Y = A* and B is an alphabet s.t. B ⊇ A, then S · Y' = B* with Y' = Y ∪ Y(B \ A)B*. Moreover one can easily show the following lemma.

Lemma 1. Let S ⊆ A* and B an alphabet s.t. B ⊇ A. If S C* P = A* then S C_B* P = B*, where C_B = C ∪ P(B \ A)S.

In Section 5 we will give some contributions to the above list. In view of results 5, 6, 7 we will conjecture that S = 1 ∪ X with X a code is strong factorizing iff X is prefix. We will prove this result for |S| = 4. Then, in order to complete item 13, we will study the case where S is prefix-closed and show that a prefix-closed S is strong factorizing iff it is factor-closed.

4 A Characterization of Right- and Left-Factorizing Languages

We introduce right- and left-factorizing languages. Right-factorizing languages were first defined in [1], where they were simply called factorizing. We characterize them in terms of some combinatorial properties based on the factorizations of a word. This characterization will be used in Section 5 to decide whether some languages are strong factorizing, and in Section 6 to construct an automaton recognizing the right factor of a finite language.

Definition 1. A language S ⊆ A* is right-factorizing (left-factorizing, resp.) if there exists Y ⊆ A* such that S Y = A* (Y S = A*, resp.), the product being unambiguous. In this case, Y is called the right factor (left factor, resp.) of S and denoted by RF(S) (LF(S), resp.).

For the sake of simplicity, we will sometimes write "r-" ("l-", resp.) instead of "right-" ("left-", resp.).

Remark 1. If X Y = A* then Y^R X^R = A*, where X^R denotes the reverse of X. Therefore X is r-factorizing iff X^R is l-factorizing. We emphasize that hence any property of r-factorizing languages yields a dual property of l-factorizing languages, just moving to the reverse of the languages. For instance, in the dual property "prefix" will be replaced by "suffix".

Remark 2. Let S be a right-factorizing language. It can be easily shown that S ∩ RF(S) = {1}; A* \ RF(S) = (S \ 1)RF(S); and A* \ (S \ 1)A* ⊆ RF(S). Further, if s is a word of minimal length in S \ 1, then every word shorter than s belongs to RF(S).

Observe that if S C* P = A* then S and SC* are right-factorizing, with RF(S) = C*P and RF(SC*) = P. Similarly P and C*P are left-factorizing, with LF(P) = SC* and LF(C*P) = S. Therefore any strong factorizing language is r-factorizing too. An example of a language that is r-factorizing but not strong factorizing is S = {1, a, a^2 b} ([3]). The language S = {1, a, ab} is not right-factorizing ([1]). Right-factorizing languages with at most three words are completely characterized in [1,2].

In [1,2], given a language S ⊆ A* with 1 ∈ S, the series r_S = (S)^{-1} A* is considered. It is shown that (S)^{-1} = (S \ 1 · S \ 1)* − (S \ 1 · S \ 1)* S \ 1 and that S containing 1 is right-factorizing iff r_S is a characteristic series; in this case RF(S) = supp(r_S). A combinatorial characterization is then presented by means of the following definitions. A prefix sequence of w with respect to S is a sequence (x_1, x_2, ..., x_n) such that either n = 1 and x_1 = 1, or x_i ∈ (S \ 1) for i ∈ {1, ..., n} and x_1 ··· x_n ≤ w (x_1 ··· x_n is a prefix of w). It is said to be an even prefix sequence if n is even or it is (1), and an odd prefix sequence if n is odd. Furthermore a language S ⊆ A* is right-factorizing iff for any word w ∈ A* the difference between the number of its even prefix sequences w.r.t. S and the number of its odd prefix sequences w.r.t. S is always either 0 or 1. Finally, if S is right-factorizing then RF(S) is the set of words for which this difference is 1.

We introduce here l_S = A* (S)^{-1} and observe that S is left-factorizing iff l_S is a characteristic series, and in this case LF(S) = supp(l_S).

Example 1. Let S = {1, a, a^2}. It can be shown that S is factorizing and RF(S) = (a^3)*, since (r_S, a^i) = 1 if i = 3k for some k ≥ 0 and 0 otherwise ([1,2]). As an example:

for k = 0 the unique even prefix sequence is (1) and there are no odd prefix sequences, yielding (r_S, 1) = 1;

for k = 1 the unique even prefix sequence is (1) and the unique odd prefix sequence is (a), yielding (r_S, a) = 0;

for k = 2 the even prefix sequences are (1), (a, a) and the odd prefix sequences are (a), (a^2), yielding (r_S, a^2) = 0;

for k = 3 the even prefix sequences are (1), (a, a), (a, a^2), (a^2, a) and the odd prefix sequences are (a), (a^2), (a, a, a), yielding (r_S, a^3) = 1.

Let us give a combinatorial characterization of right- (left-, resp.) factorizing languages and their right (left, resp.) factors, starting from the above considerations. Indeed we relate (r_S, wa) with (r_S, w), for w ∈ A*, a ∈ A, thus obtaining a sort of recursive way of expressing r_S.

Definition 2. Let S ⊆ A* with 1 ∈ S. The formal power series f_S is defined as f_S = (S)^{-1}.

Definition 3. A factorization of w with respect to S is a sequence (x_1, x_2, ..., x_n) such that either n = 1 and x_1 = w = 1, or x_i ∈ (S \ 1) for all i ∈ {1, ..., n} and x_1 ··· x_n = w. It is said to be an even factorization if n is even or it is (1), and an odd factorization if n is odd.

Remark 3. As mentioned above, the series f_S equals f_S = (S \ 1 · S \ 1)* − (S \ 1 · S \ 1)* S \ 1. Therefore for any w ∈ A*, the value (f_S, w) is the difference between the number of even factorizations of w and the number of its odd factorizations.

Factorizations of a word are indeed prefix sequences ending at the right end of the word. Counting factorizations instead of all prefix sequences is thus a gain. The next lemmas show that counting factorizations (by f_S) instead of prefix sequences (by r_S) is sufficient to establish whether a language is r-factorizing and to distinguish the words in its right factor.

Lemma 2. Given a language S ⊆ A* with 1 ∈ S, a ∈ A, w ∈ A*, z ∈ A+, we have that:

(r_S, 1) = (l_S, 1) = (f_S, 1) = 1;

(r_S, wa) = (r_S, w) + (f_S, wa) and (l_S, aw) = (l_S, w) + (f_S, aw);

(r_S, z) = (r_S, x) + (f_S, z), where x is the longest proper prefix of z s.t. (f_S, x) ≠ 0;
(l_S, z) = (l_S, y) + (f_S, z), where y is the longest proper suffix of z s.t. (f_S, y) ≠ 0.

From Lemma 2 and using induction on |w|, we obtain the following.

Lemma 3. Given a language S ⊆ A* with 1 ∈ S, if r_S (l_S, resp.) is a characteristic series then

1. Im(f_S) ⊆ {−1, 0, 1}

2. for any w ∈ A*,

if (f_S, w) = 1 then (r_S, w) = 1 ((l_S, w) = 1, resp.);
if (f_S, w) = −1 then (r_S, w) = 0 ((l_S, w) = 0, resp.);

if (f_S, w) = 0 then (r_S, w) = (r_S, x) ((l_S, w) = (l_S, x), resp.), where x is the longest prefix (suffix, resp.) of w s.t. (f_S, x) ≠ 0.

Corollary 1. Let S ⊆ A* and S_i = {w ∈ A* s.t. (f_S, w) = i}, for i = −1, 0, 1. If S is a right-factorizing language then

1. RF(S) is the set of words whose longest prefix in S* \ S_0 belongs to S_1

2. A* \ RF(S) is the set of words whose longest prefix in S* \ S_0 belongs to S_{−1}.

Example 2. (continued) Let S = {1, a, a^2}. S is factorizing and RF(S) = (a^3)* ([1,2]). As an example:

for k = 0 the unique even factorization is (1) and there are no odd factorizations, yielding (f_S, 1) = 1;

for k = 1 the unique odd factorization is (a), yielding (f_S, a) = −1;

for k = 2 the unique even factorization is (a, a) and the unique odd factorization is (a^2), yielding (f_S, a^2) = 0;

for k = 3 the even factorizations are (a, a^2), (a^2, a) and the unique odd factorization is (a, a, a), yielding (f_S, a^3) = 1.

Figure 1 shows the values of f_S and r_S on a^k for any k = 0, ..., 8.

Condition 1 of Lemma 3 is not sufficient, as shown by the following example.

Example 3. Let S = {1, a, ab}. Since S \ 1 is a code, every word w ∈ A* has at most one factorization and thus Im(f_S) ⊆ {−1, 0, 1}. On the other hand S is not right-factorizing. Consider for example the word ab. We have (f_S, 1) = 1; (f_S, a) = −1 and (r_S, a) = 0; (f_S, ab) = −1 and thus (following Lemma 2) (r_S, ab) = (r_S, a) + (f_S, ab) = −1, showing that r_S is not a characteristic series.

A characterization of right-factorizing languages is indeed given by the following theorem.

Fig. 1. The values of f_S, r_S on a^0, a, a^2, ..., a^8 for S = {1, a, a^2}

Theorem 1. Let S ⊆ A* with 1 ∈ S and f_S = (S)^{-1}.

S is a right- (left-, resp.) factorizing language iff A* can be partitioned as A* = S_{−1} + S_0 + S_1, where S_i = {w ∈ A* s.t. (f_S, w) = i} for i = −1, 0, 1, and the following alternating property holds:

1. ∀y ∈ S_1 \ 1, its longest proper prefix (suffix, resp.) in S* \ S_0 belongs to S_{−1}

2. ∀y ∈ S_{−1}, its longest proper prefix (suffix, resp.) in S* \ S_0 belongs to S_1.

Proof. We prove the theorem for S right-factorizing. The proof for left-factorizing is the dual one. Recall that ([1,2]) S is r-factorizing iff r_S is a characteristic series.

Let us suppose that S is right-factorizing. Then r_S is a characteristic series ([1,2]) and Im(f_S) ⊆ {−1, 0, 1}, by Lemma 3. It follows that A* can be partitioned as A* = S_{−1} + S_0 + S_1.

Now let us suppose that the alternating property does not hold. Let w ∈ S_1 \ 1 s.t. its longest proper prefix x in S* \ S_0 belongs to S_1. By Lemma 2, (r_S, w) = (r_S, x) + (f_S, w) = (r_S, x) + 1. Moreover (r_S, x) = 1 because (f_S, x) = 1 and Lemma 3 holds. Therefore we would have (r_S, w) = 1 + 1 = 2, against r_S being a characteristic series. In an analogous way, if w ∈ S_{−1} and its longest proper prefix x in S* \ S_0 belongs to S_{−1}, then we would have (r_S, w) = 0 − 1 = −1.

For the converse, let us suppose that Im(f_S) ⊆ {−1, 0, 1} and that the alternating property holds. We are going to show that r_S is a characteristic series. Indeed we show by induction on |w| that for any w ∈ A*, with x the longest proper prefix of w s.t. (f_S, x) ≠ 0, we have (r_S, w) ∈ {0, 1} and: if (f_S, w) = 1 then (r_S, w) = 1; if (f_S, w) = −1 then (r_S, w) = 0; if (f_S, w) = 0 then (r_S, w) = (r_S, x).

If |w| = 0 then (r_S, 1) = (f_S, 1) = 1, by Lemma 2.

Let w be s.t. |w| ≥ 1. From Im(f_S) ⊆ {−1, 0, 1}, three cases are possible. If (f_S, w) = 1 then (f_S, x) = −1 by the alternating property, (r_S, x) = 0 by the inductive hypothesis, and then (r_S, w) = (r_S, x) + (f_S, w) = 0 + 1 = 1 by Lemma 2. In an analogous way, if (f_S, w) = −1 then (f_S, x) = 1, (r_S, x) = 1, and then (r_S, w) = (r_S, x) + (f_S, w) = 1 − 1 = 0. If (f_S, w) = 0 then (r_S, w) = (r_S, x) ∈ {0, 1} by Lemma 2 and the inductive hypothesis. □
Let us now express Theorem 1 and Corollary 1 in a more descriptive way. Following the scheme used in Example 2 (see Fig. 1), for any word we point out the values of f_S on its prefixes, from the shortest one by increasing length. Given S ⊆ A* and w = a_1 ··· a_n ∈ A*, let us define:

ρ_S(w) = (f_S, 1)(f_S, a_1) ··· (f_S, a_1 ··· a_n) and
λ_S(w) = (f_S, a_1 ··· a_n)(f_S, a_2 ··· a_n) ··· (f_S, 1).

Remark that ρ_S(w) also shows the values of ρ_S on every prefix of w.

Example 4. (continued) Let S = {1, a, a^2}. For any k ≥ 0 we have ρ_S(a^{3k}) = (1(−1)0)^k 1, ρ_S(a^{3k+1}) = (1(−1)0)^k 1(−1), ρ_S(a^{3k+2}) = (1(−1)0)^{k+1} (cf. Fig. 1).

Example 5. If S = {1, a, a^2 b} then ρ_S(a^2 ba) = 1(−1)1(−1)1.

Example 6. Let S = {1, a, b, a^2, ab, ba, a^2 b, aba, a^2 ba}. Remark that S is a factor-closed language: it contains 1, w = a^2 ba and every factor of w. Using Lemma 4, it can be shown that ρ_S(a^2 ba) = 1(−1)0000.

Theorem 1 and Corollary 1 can be restated as follows, keeping in mind that for any language S, (f_S, 1) = 1, and S is factorizing iff the values of f_S can only be 0, 1, −1, in such a way that the non-zero values 1, −1 alternate when reading the word from its left end to its right end.

Theorem 2. Let S ⊆ A*, U+ = 1{0*(−1)0*10*}*, U− = 1{0*(−1)0*10*}*(−1)0* and U = U+ ∪ U−.

The language S is right- (left-, resp.) factorizing iff for any w ∈ A*, ρ_S(w) ∈ U (λ_S(w) ∈ U, resp.). Moreover if S is right-factorizing then RF(S) = {w s.t. ρ_S(w) ∈ U+} and A* \ RF(S) = {w s.t. ρ_S(w) ∈ U−}; if S is left-factorizing then LF(S) = {w s.t. λ_S(w) ∈ U+} and A* \ LF(S) = {w s.t. λ_S(w) ∈ U−}.

Finally let us show how to compute the value of f_S on a word, once the values of f_S on its proper prefixes are known.

Lemma 4. Let S be a language, w = a_1 ··· a_n ∈ A+ and H_S(w) = {h | h = |x_1 ··· x_{m−1}| and (x_1, ..., x_m) is a factorization of w}. Then

$$(f_S, w) = - \sum_{h \in H_S(w)} (f_S, a_1 \cdots a_h)$$

where a_1 ··· a_h = 1 if h = 0.

Proof. Remark that for any factorization (x_1, ..., x_m) of w with m ≥ 2, m is even iff m − 1 is odd, and that if m = 1 then 0 ∈ H_S(w). Moreover denote fe_S = (S \ 1 · S \ 1)*, fo_S = (S \ 1 · S \ 1)* S \ 1 and observe that (fe_S, 1) = 1, (fo_S, 1) = 0. Consider now w ∈ A+. Then

$$(\mathit{fe}_S, w) = \sum_{h \in H_S(w)} (\mathit{fo}_S, a_1 \cdots a_h) \quad\text{and}\quad (\mathit{fo}_S, w) = \sum_{h \in H_S(w)} (\mathit{fe}_S, a_1 \cdots a_h).$$

Finally,

$$(f_S, w) = (\mathit{fe}_S, w) - (\mathit{fo}_S, w) = -\Big[\sum_{h \in H_S(w)} (\mathit{fe}_S, a_1 \cdots a_h) - \sum_{h \in H_S(w)} (\mathit{fo}_S, a_1 \cdots a_h)\Big] = -\sum_{h \in H_S(w)} (f_S, a_1 \cdots a_h). \qquad \square$$
5 Some Classes of Languages S

In this section we give some contributions to the characterization of finite languages S, C, P s.t. S C* P = A*, using the results of the previous sections. Motivated by the state of the art, as presented in Section 3, we consider two more cases of possibly strong factorizing languages: the case where S is prefix-closed and the case where S \ 1 is a code. Remark that these two cases are at opposite sides regarding the number of factorizations on S of a word. We show that a finite prefix-closed language is strong factorizing iff it is factor-closed. Then we obtain that a language S s.t. |S| ≤ 4 and S \ 1 is a code is strong factorizing iff S \ 1 is prefix, and we conjecture that the result holds for any value of the cardinality of S. Proposition 1 and its proof are partially outlined in [14].

Proposition 1. A prefix-closed language is right-factorizing iff it is factor-closed.

Proof. Any factor-closed language is trivially prefix-closed. Moreover it is (strong) r-factorizing, as shown in [15].

For the converse, let S ⊆ A* be a prefix-closed and r-factorizing language. We are going to show that for any w ∈ S, all of its factors are in S, by induction on the length of w.

If |w| = 1 then the only factor of w is w itself, and thus the goal holds.

Let w = a_1 ··· a_n, n ≥ 2. By the inductive hypothesis, all the factors of w that are factors of a_1 ··· a_{n−1} belong to S. Using induction on h and Lemma 4 it can be shown that (f_S, 1) = 1, (f_S, a_1) = −1 and (f_S, a_1 ··· a_h) = 0 for any 2 ≤ h ≤ n − 1 (cf. Example 6).

Let us now consider (f_S, a_1 ··· a_n). From a_1 ··· a_n ∈ S \ 1 ⊆ A* \ RF(S) we have that (f_S, a_1 ··· a_n) equals either 0 or −1. But (f_S, a_1 ··· a_n) = −1 contradicts the alternating property of Theorem 1. Hence (f_S, a_1 ··· a_n) = 0. Using Lemma 4, the unique possibility turns out to be a_2 ··· a_n ∈ S. The inductive hypothesis applied to a_2 ··· a_n completes the proof. □

Corollary 2. A finite prefix-closed language is strong factorizing iff it is factor-closed.

Let us now consider the case where S \ 1 is a code. Motivated by results 5, 6, 7 of Section 3, we present the following conjecture and we prove it in the particular case |S| ≤ 4.

Conjecture 1. A language S = 1 ∪ X with X a code is strong factorizing iff X is prefix.

The proofs of the following results are very technical and based on combinatorics on words. They use results of Section 4 and are based on the following considerations. Firstly observe that, when studying right-factorizing languages S, the case where S \ 1 is a code is a very special one. If S \ 1 is a code then S* = S_1 + S_{−1}, S* ∩ RF(S) = S_1 = ((S \ 1)^2)*, and S* \ RF(S) = S_{−1} = ((S \ 1)^2)*(S \ 1). Further, in the considered case (S \ 1 code, |S| = 4) it is possible to single out some words that are forbidden to be in RF(S) (namely ((S \ 1)^2)*(S \ 1)) and some words that are forced to be in C+ (namely s_1^{2k} in Lemma 6, and (s_i s_j)^k or (s_i s_j)^h l in Proposition 2). Such words cannot be arbitrarily concatenated. It is a trivial (but very crucial in the sequel) remark that if S C* P = A* then RF(S) = C*P, C · RF(S) ⊆ RF(S) and, equivalently, w = ct with w ∉ RF(S), c ∈ C implies t ∉ RF(S).

Let us now present some results (Lemmas 5, 6, 7) on the shortest words of a language S s.t. S \ 1 is a code.

Lemma 5. Let S be a right-factorizing language. If S \ 1 is a non-prefix code and s is a shortest word of S \ 1 having a proper prefix in S \ 1, then s = s' s'' y where s', s'' ∈ S \ 1 and y ∈ RF(S).

Proof. Let s' be the proper prefix of s in S \ 1 (it is unique because of the minimality of s). Let s = a_1 ··· a_n, s' = a_1 ··· a_h, 1 ≤ h < n. We have ρ_S(s') ∈ 10*(−1) and (f_S, a_1 ··· a_n) = −1. From the alternating property of Theorem 1, there exists h < k < n s.t. (f_S, a_1 ··· a_k) = 1; let k be the smallest one. The minimality of s implies that the even factorization of a_1 ··· a_k is (a_1 ··· a_h, a_{h+1} ··· a_k). Let s'' = a_{h+1} ··· a_k ∈ S \ 1 and y = a_{k+1} ··· a_n. We show that y ∈ RF(S), by showing that its longest prefix x in S* \ S_0 belongs to S_1 (cf. Corollary 1). Suppose on the contrary that x ∈ S_{−1}. We would have s' s'' x, s ∈ S_{−1} and s' s'' x ≠ s, since S \ 1 is a code. Moreover no z ∈ S_1 could exist s.t. s' s'' x < z < s, because of the minimality of s. This is a contradiction to the alternating property. □

Lemma 6. Let S be a strong factorizing language. If S \ 1 is a code and s_1 is a shortest word of S \ 1, then there exists k > 0 s.t. s_1^{2k} ∈ C+.

Proof. Firstly (s_1^2)* ⊆ S_1 ⊆ RF(S) and RF(S) = C*P for some finite languages C, P. Because of the finiteness of P, (s_1^2)* ⊆ P cannot hold. Let us now suppose that there is no k s.t. s_1^{2k} ∈ C+. This means that ∃h (indeed ∃h_0 s.t. ∀h ≥ h_0) s.t. s_1^{2h} = cp where c ∈ C+, p ∈ P \ 1 and s_1^{2m} < c < s_1^{2m+2} for some m < h. Two cases are possible: either s_1^{2m} < c < s_1^{2m+1} or s_1^{2m+1} < c < s_1^{2m+2}.

If s_1^{2m} < c < s_1^{2m+1} then s_1^{2m+1} = ct, t ≠ 1 and t ∈ RF(S) since |t| < |s_1| (Remark 2). Therefore we would have s_1^{2m+1} ∈ C+ RF(S) ⊆ RF(S) against s_1^{2m+1} ∈ S_{−1} ⊆ A* \ RF(S).

Let us suppose now s_1^{2m+1} < c < s_1^{2m+2}. Because c ∈ C+ ⊆ RF(S), the longest prefix x of c in S* \ S_0 is in S_1, and then s_1^{2m+1} < x < c. From x, s_1^{2m+2} ∈ S_1 and the alternating property it follows that ∃z ∈ S_{−1} with x < c < z < s_1^{2m+2}. Let z = ct'. Then t' ∈ RF(S) by Lemma 2, since |t'| < |s_1|, and then z ∈ C+ RF(S) ⊆ RF(S). □

Lemma 7. Let S be a strong factorizing language. If S \ 1 is a non-prefix code, s_1 is a shortest word of S \ 1 and s_2 is a shortest word in S \ {1, s_1}, then s_1 is not a prefix of s_2.

Proof. If |s_2| = |s_1| then s_1 cannot be a prefix of s_2. Otherwise (see Fig. 2), let us suppose that s_1 < s_2. From Lemma 5, and since there is no s'' s.t. |s_1| < |s''| < |s_2|, s_2 = s_1 s_1 y with y ∈ RF(S). Let k be s.t. s_1^{2k} ∈ C+, as in Lemma 6. A contradiction holds for the word w = s_1^{2k} y. Indeed w ∈ C+ RF(S) ⊆ RF(S) against w = s_1^{2k−2} s_2 ∈ S_{−1} ⊆ A* \ RF(S). □



Fig. 2. Proving Lemma 4



Our goal is now to prove that if S is a strong factorizing language with S \ 1 a code and |S| = 4, then S \ 1 is prefix. In view of Lemma 7, we only have to show that the longest word in S cannot have a proper prefix in S \ 1. This is achieved by using a (not trivial) extension of the proofs of Lemmas 6 and 7, which we do not give here in detail, since it uses similar techniques but with more cases and sub-cases to handle.

Proposition 2. Let S ⊆ A* s.t. S \ 1 is a code and |S| = 4. Then S is strong factorizing iff S \ 1 is prefix.

Proof. (Sketch) If S \ 1 is prefix then S is strong factorizing, as shown in [3].

Let us suppose that S is a strong factorizing language with S C* P = A* and S \ 1 a non-prefix code. Let S = 1 + s_1 + s_2 + s_3 with |s_1| ≤ |s_2| ≤ |s_3|.

By Lemmas 5 and 7 we have s_3 = s_i s_j y for some i, j ∈ {1, 2} and y ∈ RF(S). Observe that (s_i s_j)* ⊆ S_1 ⊆ RF(S) = C*P. Thus for any large enough k > 0, if (s_i s_j)^k ∉ C+ then (s_i s_j)^k = cp with c ∈ C+, p ∈ P \ 1. Two cases are possible: either c = (s_i s_j)^h s_i l for some 1 < l < s_j (case 1), or c = (s_i s_j)^h l with 1 < l < s_i (case 2). It can be shown that case 1 is not possible and that case 2 implies that s_i = s_2 and l^{−1} s_i = s_1^d, d odd. Therefore, for any i, j ∈ {1, 2}, either ∃k s.t. (s_i s_j)^k ∈ C+, or s_i = s_2 and ∃h s.t. (s_i s_j)^h l ∈ C+, for 1 < l < s_i and l^{−1} s_i = s_1^d, d odd.

If (s_i s_j)^k ∈ C+ then (s_i s_j)^k y = (s_i s_j)^{k−1} s_3 would belong both to C+ RF(S) ⊆ RF(S) and to S_{−1} ⊆ A* \ RF(S).

Otherwise s_3 = s_2 s_j y, y ∈ RF(S). Further, s_1^d s_j y ∈ RF(S), using Corollary 1. Moreover let (y_1, ..., y_n), n even, be the factorization of the longest prefix of y in S* \ S_0, x the longest prefix of s_1^d s_j y in S* \ S_0 and (x_1, ..., x_m) its factorization. We have that x_1 = ··· = x_d = s_1, x_{d+1} = s_j and ∀1 ≤ j ≤ n, x_{d+1+j} = y_j, since s_1 ≠ s_2 and |s_1^d s_j y| < |s_3|. Consider then (s_2 s_j)^h s_3. We have (s_2 s_j)^h s_3 = c s_1^d s_j y ∈ C+ RF(S) ⊆ RF(S) against (s_2 s_j)^h s_3 ∈ S_{−1} ⊆ A+ \ RF(S). □

6 Constructing C from (S, P)

In this section we consider the problem of constructing finite maximal codes. Observe that any code is a subset of some maximal code. We assume that Schützenberger's Conjecture holds, i.e. for any finite maximal code C there exist finite languages S, P s.t. S C* P = A*. We focus on the problem of constructing C, once S and P are given, and propose two methods of solution.

The first method uses the definition. From S C* P = A*, using properties of formal power series, we obtain that C − 1 = P(A − 1)S and C = supp(P(A − 1)S + 1). Starting from an automaton recognizing S and an automaton recognizing P, we can easily obtain an automaton recognizing the series P(A − 1)S + 1. Let n be the number of its states. Its support (C indeed) is regular because of some results by Schützenberger and Sontag (cf. [7]). Applying a construction contained in [7] we can obtain an automaton recognizing C with a number of states 2^{n^2}. Remark that n = O(|Q_S^{min}| + |Q_P^{min}|), where Q_X^{min} is the set of states of the minimal automaton for a language X.

The second method we propose for constructing C, given a couple (S, P) of finite languages, is based on the following result.

Proposition 3. Let S, C, P be languages s.t. S C* P = A*. Then:

S is a right-factorizing language and P ⊆ RF(S),

P is a left-factorizing language and S ⊆ LF(P),

C* = RF(S) ∩ LF(P) and C = C+ \ C+C+.

Proof. RF(S) = C*P, LF(P) = SC*. Moreover, since 1 ∈ S and 1 ∈ P, then C* ⊆ RF(S) ∩ LF(P). Vice versa, let w ∈ RF(S) ∩ LF(P). If w ∉ C* then w ∈ (S \ 1)C* ∩ C*(P \ 1), against the non-ambiguity of S C* P. Finally C = C+ \ C+C+ since C is the basis of C* (see [6], e.g.). □

For the sake of completeness let us summarize in the next corollary what Proposition 3 and the characterization of right- and left-factorizing languages of Section 4 yield for the languages S, C*, P. Recall that the values (r_S, w), (l_S, w) are related to the number of prefix and suffix sequences of w.

Corollary 3. Let S, C, P be languages s.t. S C* P = A*. Then:

S \ 1 ⊆ {w | (r_S, w) = 0, (l_P, w) = 1} = (S \ 1)C*,

C* = {w | (r_S, w) = (l_P, w) = 1},

P \ 1 ⊆ {w | (r_S, w) = 1, (l_P, w) = 0} = C*(P \ 1).
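Both methods of this section, as an added example that is not the paper's code: the first computes C = supp(P(A − 1)S + 1) by series arithmetic, the second computes C* = RF(S) ∩ LF(P) through the series r_S = (S)^{-1}A* and l_P = A*(P)^{-1} of Section 4 and then C = C+ \ C+C+, and a final check verifies S C* P = A* on all words up to a fixed length. Function names are mine; the constructed input is the couple S = 1, P = {1, b} of item 2 of Section 3, whose code is the maximal prefix code {a, ba, bb}.

```python
"""Both ways of constructing C from a couple (S, P) given in this section, on
words of length <= MAXLEN.  Added example, not the paper's code.  Languages are
sets of strings ("" is 1); formal power series are dicts word -> int, and every
product is truncated to words of length <= MAXLEN."""
from itertools import product

ALPHABET = "ab"
MAXLEN = 6


def words_upto(n=MAXLEN):
    """All words of length <= n, shortest first."""
    return ["".join(t) for k in range(n + 1) for t in product(ALPHABET, repeat=k)]


def series(lang):
    """Characteristic series of a language."""
    return {w: 1 for w in lang}


def add(p, q, sign=1):
    """p + sign*q, dropping zero coefficients."""
    r = dict(p)
    for w, c in q.items():
        r[w] = r.get(w, 0) + sign * c
    return {w: c for w, c in r.items() if c}


def mul(p, q, n=MAXLEN):
    """Cauchy product of two series, truncated to words of length <= n."""
    r = {}
    for u, c in p.items():
        for v, d in q.items():
            if len(u) + len(v) <= n:
                r[u + v] = r.get(u + v, 0) + c * d
    return {w: c for w, c in r.items() if c}


def star(p, n=MAXLEN):
    """p* = 1 + p + p^2 + ... for a series p with zero constant term."""
    result, power = {"": 1}, {"": 1}
    for _ in range(n):
        power = mul(power, p, n)
        result = add(result, power)
    return result


def inverse(p, n=MAXLEN):
    """(p)^-1 for a series p with constant term 1: (1 - (1 - p))^-1 = (1 - p)*."""
    return star(add({"": 1}, p, -1), n)


A_STAR = series(words_upto())


def code_by_definition(S, P, n=MAXLEN):
    """First method: C = supp(P (A - 1) S + 1)."""
    a_minus_1 = add(series(ALPHABET), {"": 1}, -1)
    return set(add(mul(mul(series(P), a_minus_1, n), series(S), n), {"": 1}))


def right_factor(S, n=MAXLEN):
    """r_S = (S)^-1 A* as in Section 4: returns (r_S characteristic?, supp(r_S))."""
    r = mul(inverse(series(S), n), A_STAR, n)
    return set(r.values()) <= {1}, set(r)


def left_factor(P, n=MAXLEN):
    """l_P = A* (P)^-1: returns (l_P characteristic?, supp(l_P))."""
    l = mul(A_STAR, inverse(series(P), n), n)
    return set(l.values()) <= {1}, set(l)


def code_by_factors(S, P, n=MAXLEN):
    """Second method (Proposition 3): C* = RF(S) ∩ LF(P), then C = C+ \\ C+C+."""
    cplus = (right_factor(S, n)[1] & left_factor(P, n)[1]) - {""}
    return {w for w in cplus
            if not any(w[:i] in cplus and w[i:] in cplus for i in range(1, len(w)))}


def is_factorization(S, C, P, n=MAXLEN):
    """Check S C* P = A* unambiguously on words of length <= n: each word must
    have coefficient exactly 1 in the series S C* P."""
    scp = mul(mul(series(S), star(series(C), n), n), series(P), n)
    return all(scp.get(w, 0) == 1 for w in words_upto(n))


if __name__ == "__main__":
    # Constructed input: S = 1 and P = {1, b}, the proper prefixes of the maximal
    # prefix code C = {a, ba, bb} (item 2 of Section 3).
    S, P = {""}, {"", "b"}
    print("by definition:", code_by_definition(S, P))    # {'a', 'ba', 'bb'}
    print("by factors:   ", code_by_factors(S, P))       # {'a', 'ba', 'bb'}
    print("S C* P = A*?  ", is_factorization(S, code_by_definition(S, P), P))
```

The same functions applied to S = 1 and P = {1, a, a^2} (the language of Example 2 used as P) return the maximal prefix code {b, ab, a^3, a^2 b}, whose proper prefixes are exactly 1, a, a^2.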

210 Marcella Anselmo

Using Proposition 3, an automaton recognizing C can be obtained in the following way. First construct an automaton recognizing C* as the intersection of an automaton recognizing RF(S) and an automaton recognizing LF(P); then obtain an automaton recognizing C using the formula C = C+ \ C+C+, that is, by completion, product and intersection of automata. Therefore the second method strongly depends on the construction we use to recognize RF(S) and LF(P). The rest of the section is devoted to a construction of a deterministic automaton recognizing RF(S), starting from a deterministic automaton recognizing S. The case LF(P) is clearly the symmetric one. We will find that when considering a finite r-factorizing language S, such a construction gives rise to an automaton with a number of states |Q| ≤ 2 · …. Moreover the completion of an automaton can be obtained by adding at most one state to the states of the given automaton; the intersection and the product of two given deterministic automata can be obtained with a number of states equal to the product of the numbers of states of the two given automata ([23]). Therefore this second method is asymptotically more efficient than the first one.

Let us now construct a deterministic automaton A_{f_S} that recognizes the right factor of a regular right-factorizing language S. The construction is based on Theorem 2. Indeed the state of A_{f_S} reached from the initial state reading a word w shows the value of f_S on w.

Let S ⊆ A* be a regular language and A_S = (Q_S, q_0, δ_S, F_S) a deterministic trim automaton recognizing S. Consider the automaton (Q_S, q_0, δ'_S, {q_0}) where δ'_S(q, a) = {δ_S(q, a)} if δ_S(q, a) ∉ F_S and δ'_S(q, a) = {δ_S(q, a)} ∪ {q_0} if δ_S(q, a) ∈ F_S. Let A_{S*} = (Q_{S*}, q_0, δ_{S*}, {q_0}) be the flower automaton (cf. [6]) of A_S, obtained by removing from (Q_S, q_0, δ'_S, {q_0}) every non-coaccessible state and all transitions involving it. Let Q_{S*} = {q_0, q_1, ..., q_{n−1}}. Remark that A_{S*} is no longer deterministic, but the number of its transitions is at most twice that of A_S.

Let us define the function sign : Z \ {0} → {+, −} as sign(z) = + if z > 0 and sign(z) = − if z < 0.

The automaton A_{f_S} = (Q, 1, δ, F) is the following. A state q ∈ Q is q = (l_0, ..., l_{n−1}, σ) with l_i ∈ Z ∪ {∞}, σ ∈ {+, −}; 1 = (1, ∞, ..., ∞, +) and F = {(l_0, ..., l_{n−1}, σ) | σ = +}. Further δ((l_0, ..., l_{n−1}, σ), a) = (m_0, ..., m_{n−1}, τ) where:

$$m_0 = \begin{cases} -\sum_{i \,:\, q_0 \in \delta_{S^*}(q_i, a),\ l_i \neq \infty} l_i & \text{if } \exists i \text{ s.t. } q_0 \in \delta_{S^*}(q_i, a) \text{ and } l_i \neq \infty \\ \infty & \text{otherwise} \end{cases}$$

$$m_j = \begin{cases} \sum_{i \,:\, q_j \in \delta_{S^*}(q_i, a),\ l_i \neq \infty} l_i & \text{if } \exists i \text{ s.t. } q_j \in \delta_{S^*}(q_i, a) \text{ and } l_i \neq \infty \qquad (j \neq 0) \\ \infty & \text{otherwise} \end{cases}$$

$$\tau = \begin{cases} \mathit{sign}(m_0) & \text{if } m_0 \neq 0 \\ \sigma & \text{otherwise.} \end{cases}$$

Remark that the automaton A_{f_S} is deterministic. Moreover it can have an infinite number of states, since l_i ∈ Z ∪ {∞}.

Proposition 4. Let S be a finite right-factorizing language, A_{f_S} = (Q, 1, δ, F) constructed as above and L(A_{f_S}) the language recognized by A_{f_S}. Then A_{f_S} is finite and L(A_{f_S}) = RF(S).

Proof. The proof is based on Theorem 1 and on the following observations, that can be proved by induction on the length of w. Let w ∈ A* and q(w) = (l_0, ..., l_{n−1}, σ) be the state of A_{f_S} reached from 1 reading w. We have that:

if l_i = ∞ then there is no path in A_{S*} from q_0 to q_i labelled w;

if l_i ≠ ∞ and i = 0 then w ∈ S*, (f_S, w) = l_0 and (r_S, w) > 0 iff σ = +;

if l_i ≠ ∞ and i ≠ 0 then w = u_1 v_1 = ··· = u_h v_h where for any j = 1, ..., h, u_j ∈ S*, Σ_{j=1,...,h} (f_S, u_j) = l_i, and there is some path in A_S from q_0 to q_i labelled v_j that does not pass through q_0.

Observe that A_{f_S} is finite. Indeed if S is factorizing then (f_S, u_j) ∈ {0, 1, −1} for any u_j ∈ A*. Moreover l_i ∈ {−k, ..., 0, ..., k, ∞}, where

$$|k| = \max_{w \in A^*} \Big|\sum_{j=1,\ldots,h} (f_S, u_j)\Big| \le \max_{w \in A^*} \max_{j=1,\ldots,h} |v_j| \le \max_{s \in S} |s| - 1 .$$

□

Remark that |Q| ≤ 2 · … and k = O(|Q_S^{min}|). The exponential blow-up is due to the deterministic visit of paths in the non-deterministic automaton A_{S*}. Nevertheless this construction, in the case of a finite language S, is asymptotically more efficient than the one contained in [1,2]. The number of states of the automaton recognizing RF(S) as constructed in [1,2] is 2^{n^2}, where n is the number of states of an automaton recognizing r_S. Since n = …, the number of states of that automaton is …. Moreover, the construction presented in this section is simpler: the transitions are obtained by some tests and sums of integers, while in [1,2] they were obtained by products of n × n matrices with entries in Z_2.

Example 1. Let A = {a, b} and S = {1, a, a^2 b}. Let A_S = (Q_S, q_0, δ_S, F_S), where Q_S = {q_0, q_1, q_2, q_3}, F_S = {q_0, q_1, q_3} and the only transitions are δ_S(q_0, a) = q_1, δ_S(q_1, a) = q_2 and δ_S(q_2, b) = q_3. We find A_{S*} = (Q_{S*}, q_0, δ_{S*}, {q_0}), where Q_{S*} = {q_0, q_1, q_2}, and the only transitions are δ_{S*}(q_0, a) = {q_0, q_1}, δ_{S*}(q_1, a) = {q_2} and δ_{S*}(q_2, b) = {q_0}.

Using the above construction, A_{f_S} = (Q, 1, δ, F) is given as follows. The states are Q = {1, 2, 3, 4, 5, 6, 7}, where 1 = (1, ∞, ∞, +), 2 = (−1, 1, ∞, −), 3 = (1, −1, 1, +), 4 = (−1, 1, −1, −), 5 = (1, ∞, ∞, +), 6 = (−1, ∞, ∞, −), 7 = (1, −1, ∞, +). The final states are F = {1, 3, 5, 7}. The transitions are as given in Fig. 3.

In Fig. 4 we compare the path in A_{f_S} from 1 labelled w = a^2 ba with the factorizations of w and its prefixes.
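The construction of A_{f_S} carried out mechanically on the example above, as an added illustration that is not the paper's code: a trim DFA for S is turned into the flower automaton A_{S*}, the transition function δ on tuples (l_0, ..., l_{n−1}, σ) is implemented as defined above, and the reachable part of A_{f_S} is explored from the initial state. Function names are mine; ∞ is represented by None, and since the page does not say what τ is when m_0 = ∞, the code keeps σ in that case (an assumption, marked in the code).

```python
"""The automaton A_{f_S} of this section, built from a trim DFA for S and run on
the page's example S = {1, a, a^2 b}.  Added example, not the paper's code.
The symbol oo is represented by None.  The page leaves tau undefined when m_0 is
oo: here (assumption) sigma is kept in that case, exactly as when m_0 = 0."""
from collections import deque

INF = None


def flower_automaton(delta, finals, q0=0):
    """A_{S*}: add q0 as a target wherever a final state is entered, make q0 the
    only final state, then drop every state that can no longer reach q0.
    delta maps (state, letter) -> state; the result maps (state, letter) -> set."""
    nondet = {(q, a): {p} | ({q0} if p in finals else set())
              for (q, a), p in delta.items()}
    coacc, changed = {q0}, True
    while changed:                          # coaccessible = can reach q0
        changed = False
        for (q, a), targets in nondet.items():
            if q not in coacc and targets & coacc:
                coacc.add(q)
                changed = True
    return {(q, a): targets & coacc
            for (q, a), targets in nondet.items() if q in coacc}


def step(dstar, n, state, letter):
    """delta((l_0..l_{n-1}, sigma), a) = (m_0..m_{n-1}, tau): m_j sums the finite
    l_i over the i with q_j in delta_{S*}(q_i, a), negated for j = 0, and is oo
    when no such finite l_i exists; tau = sign(m_0) if m_0 is a non-zero integer."""
    ls, sigma = state[:-1], state[-1]
    m = []
    for j in range(n):
        sources = [ls[i] for i in range(n)
                   if ls[i] is not INF and j in dstar.get((i, letter), set())]
        m.append(INF if not sources else (-1 if j == 0 else 1) * sum(sources))
    if m[0] is INF or m[0] == 0:             # assumption for oo, see above
        tau = sigma
    else:
        tau = "+" if m[0] > 0 else "-"
    return tuple(m) + (tau,)


def build_afs(delta, finals, alphabet, q0=0):
    """Explore A_{f_S} from 1 = (1, oo, ..., oo, +); the states of A_{S*} are
    renumbered so that q0 sits at position 0.  Returns (states, transitions, 1)."""
    dstar = flower_automaton(delta, finals, q0)
    qs = sorted({q for (q, _) in dstar} | {p for t in dstar.values() for p in t})
    qs.remove(q0)
    qs.insert(0, q0)
    idx = {q: i for i, q in enumerate(qs)}
    dstar = {(idx[q], a): {idx[p] for p in t} for (q, a), t in dstar.items()}
    n = len(qs)
    init = (1,) + (INF,) * (n - 1) + ("+",)
    states, trans, todo = [init], {}, deque([init])
    while todo:
        s = todo.popleft()
        for a in alphabet:
            t = step(dstar, n, s, a)
            trans[(s, a)] = t
            if t not in states:
                states.append(t)
                todo.append(t)
    return states, trans, init


def run(trans, init, word):
    """State reached from the initial state reading word."""
    s = init
    for a in word:
        s = trans[(s, a)]
    return s


def accepts(trans, init, word):
    """word is in RF(S) iff the sign component of the reached state is +."""
    return run(trans, init, word)[-1] == "+"


# Constructed input: the trim DFA A_S of the page's example, S = {1, a, a^2 b}:
# q0 -a-> q1 -a-> q2 -b-> q3, finals {q0, q1, q3}.
DELTA_S = {(0, "a"): 1, (1, "a"): 2, (2, "b"): 3}
FINALS_S = {0, 1, 3}

if __name__ == "__main__":
    states, trans, init = build_afs(DELTA_S, FINALS_S, "ab")
    for w in ["a", "aa", "aab", "aaba"]:   # the prefixes of a^2 b a, as in Fig. 4
        print(w, run(trans, init, w), accepts(trans, init, w))
```

On this input the exploration visits the tuples of the page's states 2, 3, 4, 6 and 7 (the tuple of state 5 coincides with that of state 1, so it is created once) and, in addition, two all-∞ states, one per sign, reached by words that label no path in A_{S*}.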



7 Conclusions

The problem of constructing codes is still far from a solution.

We have singled out two problems to explore, assuming that Schützenberger's Conjecture holds: the construction of all the possible factorizations (S, P) of some code C, and the construction of a code C starting from its factorization (S, P). Regarding the first problem we have presented the state of the art, adding some contributions, but many more can still be given. Then we have presented a solution to the second problem. Finally: Schützenberger's Factorization Conjecture is indeed still open!

Fig. 3. The automaton A_{f_S} for S = {1, a, a^2 b}

Fig. 4. The path labelled a^2 ba in A_{f_S}
Abstract. We present a translation from Tickle (a Java-like language 
allowing dynamic object re-classification, that is, objects that can change 
their class at run-time) into plain Java. The translation is proved to pre- 
serve static and dynamic semantics; moreover, it is shown to be effective, 
in the sense that the translation of a Tickle class does not depend on the 
implementation of used classes, hence can be done in a separate way, that 
is, without having their sources, exactly as it happens for Java compi- 
lation. The aim is to demonstrate that an extension of Java supporting 
dynamic object re-classification could be fully compatible with the ex- 
isting Java environment. 



1 Introduction 

Dynamic object re-classification is a feature which allows an object to change its class membership at run-time while retaining its identity. Thus, the object's behavior can change in fundamental ways (e.g., non-empty lists becoming empty, iconified windows being expanded, etc.) through re-classification, rather than by replacing objects of the old class by objects of the new class. Lack of re-classification primitives has long been recognized as a practical limitation of object-oriented programming. Tickle [4] is a Java-like language supporting dynamic object re-classification, aimed at illustrating features for object re-classification which could extend an imperative, typed, class-based, object-oriented language.

Other approaches have been attempted [3,6,7]; however, Tickle is more within the main stream of the object-oriented approach, and moreover it is type-safe, in the sense that any type-correct program (in terms of the Tickle type system) is guaranteed never to access non-existing fields or methods.

A further problem is how to construct, starting from the Tickle design, 
a working extension with dynamic object re-classification of a real object-oriented 
language. Java is the first natural candidate to be considered, since Tickle can be 
EPSRC (Grant Ref: GR/L 76709).

A. Restivo, S. Ronchi Della Rocca, L. Roversi (Eds.): ICTCS 2001, LNCS 2202, pp. 215-234, 2001.
© Springer-Verlag Berlin Heidelberg 2001



216 Davide Ancona et al.



considered a small subset of Java (with only non-abstract classes, instance fields 
and methods, integer and boolean types and a minimal set of statements and 
expressions) enriched with features for dynamic object re-classification. Thus, in 
particular, a Tickle class which does not use these features is a Java class. 

In this paper, we provide a first important step towards the solution, that 
is, we show that a Java environment could be easily and naturally extended in 
such a way as to handle standard Java and Fickle classes together. 

In order to show that, we define a translation from Fickle into plain Java. 
The translation is proved to preserve static and dynamic semantics (that is, well-formed 
Fickle programs are translated into well-formed Java programs which 
behave "in the same way"). Moreover, the translation is effective, in the sense 
that it gives the basis for an effective extension of a Java compiler. This is 
ensured by the fact that the translation of a Fickle class does not depend on the 
implementation of the classes it uses, hence it can be done separately, that is, 
without having their sources, exactly as happens for Java compilation. This 
is so because the type information needed by the translation can be retrieved from 
the type information stored in binary files. 

Hence, an extension of Java supporting dynamic object re-classification could 
be fully compatible with the existing Java environment. 

The problems we had to solve in order to define a translation that was 
manageable from both the theoretical and the implementation point of view were 
not trivial. The main issues we had to face were the following: 

1. to find an appropriate encoding for re-classifiable objects; 

2. to deal with the fact that a standard Java class c can be extended by a re-classifiable 
class, possibly after c is translated (i.e., compiled); 

3. to make the translation as simple as possible, neglecting efficiency in favor 
of clearer proofs of correctness; 

4. to make the translation effective, in the sense that it truly supports separate 
compilation as in Java. 

Concerning point 1), the basic idea of the translation is to represent each re-classifiable 
Fickle object o through a pair <w,i> of Java objects. Roughly speaking, 
w is a wrapper object providing the (non-mutable) identity of o, whereas i is 
an implementor object providing the (mutable) behavior of o. A re-classification 
of o changes i but not w, and method invocations are resolved by i. 

To solve problems 2), 3) and 4), even non-re-classifiable objects are represented 
through such a pair <o,o>, where o plays both roles. This greatly simplifies 
the translation, and allows the same treatment for re-classifiable classes 
(i.e., state classes in Fickle terminology) and non-re-classifiable classes. 

The work presented in this paper comes out of a collaboration among different 
research groups and is based on their previous experience in the design and 
implementation of Java extensions [1,4]. 

The paper is organized as follows: In Section 2 we introduce Fickle informally 
using an example. In Section 3 we give an informal overview of the translation, 
while in Section 4 we give the formal description. In Section 5 we state the formal 
properties of the translation (preservation of static and dynamic semantics) and 
illustrate the compatibility of the translation with Java separate compilation. 
In the Conclusion we summarize the relevance of this work and describe further 
research directions. 

A prototype implementation largely based on the translation described in 
this paper has already been developed [2]. 

2 Fickle: A Brief Presentation 

In this section we introduce Fickle informally using an example. However, this 
section is not intended to be a complete presentation of Fickle. We refer to [4] 
for a complete definition of the language. 

For readability, in the examples we allow a slightly more liberal syntax than 
that used in the formal description of the translation (given in Section 4). 

The (extended) Fickle program in Fig. 1 defines a class Stack, with subclasses 
EmptyStack and NonEmptyStack. A stack has a capacity (field int capacity), 
that is, the maximum number of integers it can contain, and the usual operators 
isEmpty, top, push, and pop. 

In Fickle class definitions may be preceded by the keyword state or root 
with the following meaning: 

— state classes are meant to describe the properties of an object while it satisfies 
some conditions; when it does not satisfy these conditions any more, it must 
be explicitly re-classified to another state class. For example, NonEmptyStack 
describes non-empty stacks; if these become empty, then they are re-classified 
to EmptyStack. 

We require state classes to extend either root classes or state classes. 

— root classes abstract over state classes. Objects of a state class C1 may 
be re-classified to a class C2 only if C2 is a subclass of the uniquely defined 
root superclass of C1. For example, Stack abstracts over EmptyStack 
and NonEmptyStack; objects of class EmptyStack may be re-classified to 
NonEmptyStack, and vice versa. 

We require root classes to extend only non-root and non-state classes. 

Objects of a non-state, non-root class C behave like regular Java objects, that is, 
they are never re-classified. However, since state classes can be subclasses of non-state, 
non-root classes, objects bound to a variable x of type C may be re-classified. 
Namely, if C had two state subclasses C1 and C2 and x referred to an object o 
of class C1, then o may be re-classified to C2. 

Objects of either a state or a root class C are created in the usual way by the 
expression new C(). 
class StackException extends Exception{ 
  StackException(String str) {} {super(str);}} 
abstract root class Stack{ 
  int capacity; // maximum number of elements 
  abstract boolean isEmpty() {}; 
  abstract int top() {} throws StackException; 
  abstract void push(int i) {Stack} throws StackException; 
  abstract void pop() {Stack} throws StackException;} 
state class EmptyStack extends Stack{ 
  EmptyStack(int n){} {capacity=n;} 
  boolean isEmpty() {} {return true;} 
  int top() {} throws StackException { 
    throw new StackException("StackUnderflow");} 
  void push(int i) {Stack} { 
    this!!NonEmptyStack; a=new int[capacity]; t=0; a[0]=i;} 
  void pop() {} throws StackException { 
    throw new StackException("StackUnderflow");}} 
state class NonEmptyStack extends Stack{ 
  int[] a; // array of elements 
  int t;   // index of top element 
  NonEmptyStack(int n, int i) {} {capacity=n; a=new int[n]; t=0; a[0]=i;} 
  boolean isEmpty() {} {return false;} 
  int top() {} {return a[t];} 
  void push(int i) {} throws StackException { t++; 
    if (t==capacity) throw new StackException("StackOverflow"); 
    else a[t]=i; } 
  void pop() {Stack} {if (t==0) this!!EmptyStack; else t--;}} 
public class StackTest{ 
  static void main(String[] args) {Stack} throws StackException{ 
    Stack s=new EmptyStack(100); s.push(3); s.push(5); 
    System.out.println(s.isEmpty()); 
    Stack s1=new NonEmptyStack(100,3); Stack s2=s1; s1.pop(); 
    System.out.println(s2.isEmpty()); }} 

Fig. 1. Program StackTest - stacks with re-classifications 



The re-classification statement this!!C sets the class of this to C, where C must 
be a state class with the same root class as the static type of this. The re-classification 
operation preserves the types and the values of the fields defined 
in the root class, removes the other fields, and adds the fields of C that are not 
defined in the root class, initializing them in the usual way. Re-classifications may 
be caused by re-classification statements, like this!!NonEmptyStack in the body of 
method push of class EmptyStack, or, indirectly, by method calls, like s.push(3) 
in the body of main. At the start of method push of class EmptyStack the receiver 
is an object of class EmptyStack, therefore it has the field capacity, while it 
does not have the fields a and t. After execution of this!!NonEmptyStack the 
receiver is of class NonEmptyStack, the field capacity retains its value while the 
fields a and t are now available. 

Fields, parameters, and values returned by methods (for simplicity, Fickle does 
not have local variables) must have declared types which are not state classes; we 
call these types non-state types. Thus, fields and parameters may denote objects 
which do change class, but these changes do not affect their type. Instead, the 
type of this may be a state class and may change. 

Annotations like {} and {Stack} before throws clauses and method bodies 
are called effects. Similarly to what happens for exceptions in throws clauses, 
effects list the root classes of all objects that may be re-classified by execution of 
that method. Methods annotated by the empty effect {}, like isEmpty, do not 
cause any re-classification. Methods annotated by non-empty effects, like pop 
and push by {Stack}, may re-classify objects of (a subclass of) a class in their 
effect (in the example, of Stack). 

A method annotated with effects can be overridden only by methods annotated 
with the same or fewer effects¹. 

By relying on effect annotations, the type and effect system of Fickle ensures 
that re-classifications will not cause accesses to fields or methods that are not 
defined for the object. 

Note that effects are explicitly declared by the programmer rather than inferred 
by the compiler. Even though effect inference could be implemented in 
practice, more flexibility in method overriding can be achieved by allowing the 
programmer to annotate methods with more effects than those that would be 
inferred (similarly to what happens for exceptions). 

3 An Informal Overview of the Translation 

3.1 Encoding Tickle Objects 

The translation is based on the idea that each object o of a state class c can be 
encoded in Java by a pair <w,i> of objects; we call w the wrapper object of i 
and i the implementor object of w. Roughly speaking, w provides the identity 
and i the behavior of o, so that any re-classification of o changes i but not w 
and method invocations are resolved by i. 

The class of w is called a wrapper class and is obtained by translating the root 
class of c, whereas the class of i is called an implementor class and is obtained 
by translating c. For any pair <w,i> encoding an object of a state class, the 
class of i is always a proper subclass of the class of w. 

An object o which is not an instance of a state class does not need to be 
encoded in principle; however, the same kind of encoding proposed above can 
be adopted also in this case, since o can always be encoded by the pair <o,o>, 
where both the wrapper and the implementor are the object o itself (in other 
words, if c is not a state class, then it may be seen as the wrapper class of itself). Even 
though at first sight this may seem inefficient and unnecessary, it allows for a 
simpler and more effective translation, as explained in the sequel. 

¹ This means that adding a new effect in a method of a class c does not require any 
change to the subclasses of c, but may require some changes to its superclasses. 

The translation of classes follows two rules: 

— each Fickle class is translated into exactly one Java class (including Object); 

— the translation preserves the inheritance hierarchy. 

Throughout the paper we adopt the following terminology: 

— the translation of a non-state, non-root class is called a non-implementor, 
non-wrapper class; 

— the translation of a root class is called a wrapper class; 

— the translation of a state class is called an implementor class. 

We illustrate the above in terms of the example in Fig. 1. After the instruction 

s=new NonEmptyStack(100,3); 

where s has static type Stack, the object stored in s is encoded in the translation 
as sketched in Fig. 2. 




[Diagram not reproduced; arrow labels: "to methods of Stack", "to methods of NonEmptyStack"] 

Fig. 2. Encoding of the object stored in s 



The variable s contains an object o of dynamic type Stack with three fields: 
capacity is declared in Stack, whereas implementor and trueThis are inherited 
from class FickleObject, have type FickleObject and are used in the transla- 
tion for recovering the implementor and the wrapper of a re-classifiable object, 
respectively. In this case the field implementor points to an object of the imple- 
mentor class obtained by translating NonEmptyStack, whereas trueThis points 
to the object itself. Note that here the field capacity is redundant, since its 
actual value is stored in implementor.capacity. 

The implementor object contains all fields declared in NonEmptyStack (a and 
t), and also the field capacity, since the implementor class NonEmptyStack is a 
subclass of the wrapper class Stack. The field implementor points to itself, even 
though it is never used. The field trueThis is inherited from class FickleObject, 
has type FickleObject and is used to recover the wrapper object of the implementor, 
which is essential for correctly handling re-classification of this. 

3.2 Translation of Classes 

In this section we introduce some examples in order to explain how classes and 
expressions are translated. 

Example 1. Consider the following class declaration in (extended) Fickle: 

class C{ 
  int x; 
  int m1(){}{m2(); return m2();} 
  int m2(){R}{x=0; return x;} 
} 

Our translation maps the declaration of C to the following Java class²: 

class C extends FickleObject{ 
  int x; 
  int m1(){ 
    ((C) trueThis.implementor).m2(); 
    return ((C) trueThis.implementor).m2(); } 
  int m2(){ 
    ((C) trueThis.implementor).x=0; 
    return ((C) trueThis.implementor).x; } 
  C(){} 
  C(FickleObject oldImp){ 
    super(oldImp); 
    x=((C) oldImp).x; } 
} 

FickleObject is the common ancestor of the Java classes obtained by translating 
Fickle classes, and, in fact, corresponds to the translation of the Fickle predefined 
class Object: 

class FickleObject extends Object{ 
  FickleObject implementor; 
  FickleObject trueThis; 
  FickleObject(){ 
    implementor=this; 
    trueThis=this; } 
  FickleObject(FickleObject oldImp){ // re-classifies objects 
    implementor=this; 
    trueThis=oldImp.trueThis; 
    trueThis.implementor=this; } 
} 

² The translation examples in this paper do not completely agree with the formal 
definition given in Sect. 4, since some optimization has been performed in order to 
keep the code simpler. 

The fields implementor and trueThis are declared in this top-level class for 
correctly dealing with the encoding of objects which are not instances of state 
classes, as already explained in Sect. 3.1; constructor FickleObject() initializes fields 
implementor and trueThis to the new instance o so that its encoding is <o,o>. 
This constructor is invoked whenever either a new instance of a non-state class 
or a new implementor of a state class is created. 

On the other hand, constructor FickleObject(FickleObject oldImp) is invoked 
whenever an object is re-classified and is placed in FickleObject just for 
avoiding code duplication. An object o which needs to be re-classified to a state 
class C (recall that in the translation every class is a subclass of FickleObject) 
and which is encoded by the pair <w,i>, is transformed into <w,i'>, where i' 
denotes the new implementor of class C (provided by a proper constructor of 
C; see Example 3 below). The argument of the constructor denotes the old implementor 
i, from which the wrapper w can be recovered as well (recall that 
w.implementor = i and i.trueThis = w must hold), whereas i' is denoted by this. Fields 
are initialized so that wrapper w and the new implementor i' point to each 
other. The assignment implementor=this could be omitted, since in principle 
field implementor of implementors should never be used. 

Two interesting parts of the translation of C concern the invocations of method m2 in 
m1 and the access to field x in m2. 

Method m2 must be invoked on implementor because it could be overridden 
by some state subclass of C, whereas this must be translated into trueThis because 
method m2 could be inherited by some subclass of C (hence, this could 
contain a possibly wrong implementor rather than a wrapper). Downcasting is 
needed since implementor has type FickleObject. 

The same explanations apply also for selection of field x. 

Constructor C(FickleObject oldImp) invokes the corresponding constructor 
in class FickleObject which is used for re-classifying objects, as already 
explained. However, during re-classification all fields of the new implementor i' 
which are inherited from non-state classes (like x in the example) must be initialized 
with the values of the corresponding fields of the old implementor i (x=((C) 
oldImp).x). 

Finally, note that the translation of C is totally independent of any possible 
existing subclass or client class of C; this property, which is satisfied by our 
translation for any kind of class, is crucial for obtaining a translation which truly 
reflects Java separate compilation (see also the related comments in Example 3). 

Example 2. Assume now that the following class declaration is added to the 
declaration of Example 1: 

root class R extends C{ 
} 

This Fickle class declaration is translated into the following Java class declaration: 

class R extends C{ 
  R(){} 
  R(FickleObject oldImp) {super(oldImp);} 
  R(R imp){ 
    trueThis=this; 
    implementor=imp; 
    imp.trueThis=this; } 
} 

In the translation, root classes declare three constructors. 

Constructor R() is used for creating instances of R and simply invokes the 
corresponding constructor of the direct superclass C. 

Constructor R(FickleObject oldImp) is used for re-classifying objects and 
simply invokes the corresponding constructor of the direct superclass C, since in 
this case R does not declare any field. 

Constructor R(R imp) is used by state subclasses of R for creating new in- 
stances. The argument represents the implementor of the object which has been 
properly created by the constructor of a state subclass of R, while the wrapper 
object is created by the constructor itself. Fields are initialized so that wrapper 
and implementor point to each other. The assignment trueThis=this could be 
omitted, since field trueThis of wrappers will never be used. 

Example 3. Consider now the following state classes: 

state class S1 extends R{ 
  int m2(){R}{this!!S2; x=1; return x;} 
  static void main(String[] args) 
    {System.out.println(new S1().m1());}} 
state class S2 extends R{ 
  int y; 
  int m2(){R}{y=1; return x+y;} 
} 

They are translated in Java as follows: 

class S1 extends R{ 
  int m2(){ 
    new S2(trueThis.implementor); 
    ((S2) trueThis.implementor).x=1; 
    return ((S2) trueThis.implementor).x; } 
  static void main(String[] args){ 
    System.out.println( 
      ((S1) new R(new S1()).implementor).m1()); } 
  S1(){} 
  S1(FickleObject oldImp) {super(oldImp);} 
} 
class S2 extends R{ 
  int y; 
  int m2(){ 
    ((S2) trueThis.implementor).y=1; 
    return ((S2) trueThis.implementor).x+ 
           ((S2) trueThis.implementor).y; } 
  S2(){} 
  S2(FickleObject oldImp) {super(oldImp);} 
} 

In the translation, state classes declare two constructors. 

In class S2, for instance, constructor S2() is used for creating the 
implementor component of a new instance of S2, while constructor 
S2(FickleObject oldImp) is used for re-classifying objects; note that, differently 
from what happens for non-state classes, no extra code is added in the body 
for the fields declared in the class (like y). 

Let us now focus on the translation of the object re-classification this!!S2 (in 
the body of method m2 of class S1) and on the instance creation of class S1 (in the 
body of method main of class S1). 

As already explained, for re-classifying an object to class S2, the proper con- 
structor of S2 must be invoked, passing as parameter the current (and soon obso- 
lete) implementor i, denoted by trueThis . implementor; then, the constructor 
creates a new implementor i' (belonging to S2), initializes and updates fields 
so that the wrapper w and the new implementor i' point to each other (recall 
that the wrapper can be recovered from the old implementor i) and properly 
initializes all fields inherited from non-state superclasses (like x). This last step 
is performed by invoking all the corresponding constructors of superclasses up 
to FickleObject. 

Creation of an instance of SI is achieved by invoking the proper constructor 
of the root class R of SI; a new implementor, created by invoking the default 
constructor of SI, is passed as parameter to the constructor. 

We now consider issues related to the effectiveness of the translation. As 
already pointed out in Example 1, the translation of a Fickle class C does not 
depend on any possible subclass or client of C, as happens for Java separate 
compilation. On the other hand, the translation of class S1, for instance, depends 
on the classes R and S2 inherited and used, respectively, by S1; for instance, all type 
casts in the body of S1 are determined by type-checking S1, and this process 
requires retrieving type information about classes R and S2 (that is, the signatures 
of methods and the inheritance hierarchy). However, the translation of S1 is 
clearly independent of the specific bodies of the methods of R and S2. 

As a consequence, the dependencies computed by our translation process are 
exactly the same as those computed by the Java compiler. Furthermore, the 
translation of classes depends only on the inheritance hierarchy and on method 
signatures; therefore a class c depending on classes c1, ..., cn could be successfully 
translated in a context where only the binary files of c1, ..., cn are available, 
as happens for Java. 
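The stacks of Fig. 1 rendered by hand in plain Java following the wrapper/implementor encoding of Sect. 3.2 and the static call_m helpers of Sect. 4.4; this is an added example, not the paper's code nor the output of its translation. It assumes that the abstract root class is made concrete (wrappers must be instantiable), that the helper names callIsEmpty/callTop/callPush/callPop and the `me` temporaries are hypothetical conveniences, and run() mirrors main of Fig. 1 while additionally checking that the alias s2 is still the same wrapper as s1 after the object's re-classification.

```java
// Added example, not the paper's code: Fig. 1 under the encoding of Sect. 3.2.
class FickleObject {
    FickleObject implementor;  // mutable behaviour of the encoded object
    FickleObject trueThis;     // immutable identity (the wrapper)

    FickleObject() { implementor = this; trueThis = this; }  // encoding <o,o>

    // Re-classification: `this` becomes the new implementor of oldImp's wrapper.
    FickleObject(FickleObject oldImp) {
        implementor = this;
        trueThis = oldImp.trueThis;
        trueThis.implementor = this;
    }
}

class StackException extends Exception {
    StackException(String msg) { super(msg); }
}

// Wrapper class (translation of the root class Stack). The abstract root class is
// made concrete here because wrappers must be instantiable; its own bodies are
// unreachable since the static call helpers always dispatch on the implementor.
class Stack extends FickleObject {
    int capacity;  // root-class field: copied into each new implementor

    Stack() {}
    Stack(FickleObject oldImp) { super(oldImp); capacity = ((Stack) oldImp).capacity; }
    Stack(Stack imp) { trueThis = this; implementor = imp; imp.trueThis = this; }

    boolean isEmpty() { throw new IllegalStateException("wrapper body"); }
    int top() throws StackException { throw new IllegalStateException("wrapper body"); }
    void push(int i) throws StackException { throw new IllegalStateException("wrapper body"); }
    void pop() throws StackException { throw new IllegalStateException("wrapper body"); }

    // Translation of method invocation on a receiver tT (the call_m helpers of Sect. 4.4).
    static boolean callIsEmpty(FickleObject tT) { return ((Stack) tT.implementor).isEmpty(); }
    static int callTop(FickleObject tT) throws StackException { return ((Stack) tT.implementor).top(); }
    static void callPush(FickleObject tT, int i) throws StackException { ((Stack) tT.implementor).push(i); }
    static void callPop(FickleObject tT) throws StackException { ((Stack) tT.implementor).pop(); }
}

// Implementor class (translation of the state class EmptyStack).
class EmptyStack extends Stack {
    EmptyStack(int n) { capacity = n; }
    EmptyStack(FickleObject oldImp) { super(oldImp); }

    boolean isEmpty() { return true; }
    int top() throws StackException { throw new StackException("StackUnderflow"); }
    void push(int i) {
        new NonEmptyStack(trueThis.implementor);  // this!!NonEmptyStack
        NonEmptyStack me = (NonEmptyStack) trueThis.implementor;  // the fresh implementor
        me.a = new int[me.capacity]; me.t = 0; me.a[0] = i;
    }
    void pop() throws StackException { throw new StackException("StackUnderflow"); }
}

// Implementor class (translation of the state class NonEmptyStack).
class NonEmptyStack extends Stack {
    int[] a;  // array of elements
    int t;    // index of top element

    NonEmptyStack(int n, int i) { capacity = n; a = new int[n]; t = 0; a[0] = i; }
    NonEmptyStack(FickleObject oldImp) { super(oldImp); }

    boolean isEmpty() { return false; }
    int top() {
        NonEmptyStack me = (NonEmptyStack) trueThis.implementor;
        return me.a[me.t];
    }
    void push(int i) throws StackException {
        NonEmptyStack me = (NonEmptyStack) trueThis.implementor;
        me.t++;
        if (me.t == me.capacity) throw new StackException("StackOverflow");
        else me.a[me.t] = i;
    }
    void pop() {
        NonEmptyStack me = (NonEmptyStack) trueThis.implementor;
        if (me.t == 0) new EmptyStack(trueThis.implementor);  // this!!EmptyStack
        else me.t--;
    }
}

public class StackTest {
    // Mirrors main of Fig. 1; returns {s.isEmpty(), s2.isEmpty(), s1 == s2}.
    static boolean[] run() throws StackException {
        Stack s = new Stack(new EmptyStack(100));   // new EmptyStack(100)
        Stack.callPush(s, 3);                        // re-classifies the object in s
        Stack.callPush(s, 5);
        Stack s1 = new Stack(new NonEmptyStack(100, 3));
        Stack s2 = s1;                               // the alias shares the wrapper
        Stack.callPop(s1);                           // re-classifies to EmptyStack
        return new boolean[] { Stack.callIsEmpty(s), Stack.callIsEmpty(s2), s1 == s2 };
    }

    public static void main(String[] args) throws StackException {
        for (boolean b : run()) System.out.println(b);
    }
}
```

Every field access and call goes through trueThis.implementor, so the alias s2 observes the re-classification performed through s1 while the wrapper identity (s1 == s2) is untouched, which is exactly the property the pair encoding is meant to provide.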
p     ::= class* 
class ::= [root | state] class c extends c' {field* meth*} 
field ::= t f; 
meth  ::= t m(t' x) φ {sl return e;} 
t     ::= boolean | int | c 
φ     ::= {c*} 
sl    ::= s* 
s     ::= {sl} | if (e) s1 else s2 | se; | this!!c; 
se    ::= var = e | e1.m(e2) | new c() 
e     ::= sval | var | this | se 
var   ::= x | e.f 
sval  ::= true | false | null | n 

Fig. 3. Syntax of Fickle 



4 Formal Description of the Translation 

In this section we give a formal description of the translation. The syntax of the 
source language is specified in Fig. 3. We refer to [4] for the definition of the 
static semantics of Fickle (the type system of Fickle can be easily adapted to 
the subset of Java serving as target for the translation) and of some auxiliary 
functions used in the sequel. 

4.1 Programs 

The translation of a Fickle program p consists of the translation of all classes 
declared in p. The classes are translated w.r.t. the program p, which is needed because 
the translation of expressions depends on their types (in particular, for method 
invocation and field selection) and on the names of root classes (in particular, for 
constructor invocation and this). 

⟦p⟧_prog = ⟦class_1⟧_class(p) ... ⟦class_n⟧_class(p)   where p = class_1 ... class_n 



4.2 Classes 

As already explained, each Fickle class c is translated into a single Java class 
containing the translation of all field and method declarations of c and a number 
of constructors, used for creating instances and for re-classifying objects. 

The translation of fields and methods is independent of the kind of class. 
However, the translation of non-state non-root classes, root classes and state 
classes leads to the declaration of different constructors. That is why for each 
kind of class we give a different translation clause. 

Class Object: This class is translated into FickleObject, which is the common 
superclass of all translated classes, already defined in Sect. 3.2. 
Non-state, non-root classes: These classes are translated by translating all their 
methods, and by adding two constructors: c() is used for the creation of new 
instances of c and c(FickleObject oldImp) is used for the creation of new 
implementors when objects of subclasses are re-classified. In this last case 
all fields of the old implementor oldImp which are declared in class c must 
be copied into the corresponding fields of the new implementor created by the constructor 
(see Example 1 in Sect. 3.2). The additional parameter c for the translation 
of methods is needed to determine the class of this inside the bodies. 

⟦class c extends c' {t_1 f_1; ... t_m f_m; meth_1 ... meth_n}⟧_class(p) = 
  class c extends name(c'){ 
    ⟦t_1 f_1⟧_field(c) ... ⟦t_m f_m⟧_field(c) 
    ⟦meth_1⟧_meth(p, c) ... ⟦meth_n⟧_meth(p, c) 
    c(){} 
    c(FickleObject oldImp){ 
      super(oldImp); 
      f_1 = ((c) oldImp).f_1; 
      ... 
      f_m = ((c) oldImp).f_m; } 
  } 

The auxiliary function name is defined as follows: 

  name(c) = FickleObject   if c = Object 
            c              otherwise 

Root classes: The translation of this kind of classes produces three constructors: 
c() creates instances of c, c(FickleObject oldImp) deals with object re-classification, 
and c(c imp) creates wrappers of instances of state classes: 

⟦root class c extends c' {t_1 f_1; ... t_m f_m; meth_1 ... meth_n}⟧_class(p) = 
  class c extends name(c'){ 
    ⟦t_1 f_1⟧_field(c) ... ⟦t_m f_m⟧_field(c) 
    ⟦meth_1⟧_meth(p, c) ... ⟦meth_n⟧_meth(p, c) 
    c(){} 
    c(FickleObject oldImp){ 
      super(oldImp); 
      f_1 = ((c) oldImp).f_1; 
      ... 
      f_m = ((c) oldImp).f_m; } 
    c(c imp){ 
      trueThis = this; 
      implementor = imp; 
      imp.trueThis = this; } 
  } 

State classes: The translation of this kind of classes produces two constructors: 
the former (with no arguments) for creating new implementors for new instances 
of class c, the latter for dealing with object re-classification to c: 

⟦state class c extends c' {field_1 ... field_m meth_1 ... meth_n}⟧_class(p) = 
  class c extends name(c'){ 
    ⟦field_1⟧_field(c) ... ⟦field_m⟧_field(c) 
    ⟦meth_1⟧_meth(p, c) ... ⟦meth_n⟧_meth(p, c) 
    c(){} 
    c(FickleObject oldImp){ super(oldImp); } 
  } 

Note that here name(c') = c', since a state class cannot extend class Object. 

4.3 Fields 

Translation of each field f comes equipped with a static method to_f used for 
translating assignments of a value v to field f of an object tT (see the paragraph on 
expressions translation below), since the implementor of the object tT can be 
correctly selected only after evaluating v. 

⟦t f⟧_field(c) = 
  t f; 
  static t to_f(FickleObject tT, t v){ return ((c) tT.implementor).f = v; } 

4.4 Methods 

Translating methods consists of translating their bodies. Effects are omitted, 
whereas the signatures remain the same. Since the translation of statements and 
expressions depends on their types, the program p and the environment γ must 
be passed as parameters to the corresponding translation functions. 

Note that the environment γ' used for translating the returned expression e 
may be different from γ, since execution of sl could re-classify this. Furthermore, 
the translation of each method m comes equipped with a static method call_m used 
for translating invocations of m on receiver tT with argument x (see the 
paragraph on expressions translation below); indeed, the implementor of tT can 
be correctly selected only after evaluating the argument x. 

The judgment p, γ ⊢ sl : void | d | φ' is valid (see [4] for the typing 
rules) whenever sl has type void w.r.t. program p and environment γ; d denotes 
the type of this after evaluating sl, whereas φ' conservatively estimates the 
re-classification effect of the evaluation of sl on objects (this last information 
is never used by our translation). The environment γ defines the type of the 
parameters and of this. 

⟦t m(t' x) φ {sl return e;}⟧_meth(p, c) = 
  t m(t' x){ ⟦sl⟧_stmt(p, γ) return ⟦e⟧_expr(p, γ'); } 
  static t call_m(FickleObject tT, t' x){ 
    return ((c) tT.implementor).m(x); } 
  where γ = t' x, c this,  γ' = t' x, d this,  and  p, γ ⊢ sl : void | d | φ' 

4.5 Statements 

Except for object re-classification, all statements are translated by translating 
their constituent statements or subexpressions. The notation γ[c this] denotes 
the environment obtained by updating γ so that it maps this to c. 

  where p, γ ⊢ s : void | c | φ and γ' = γ[c this] 

⟦{sl}⟧_stmt(p, γ) = {⟦sl⟧_stmt(p, γ)} 

⟦if (e) s1 else s2⟧_stmt(p, γ) = 
  if (⟦e⟧_expr(p, γ)) ⟦s1⟧_stmt(p, γ') else ⟦s2⟧_stmt(p, γ') 
  where p, γ ⊢ e : boolean || c1 || φ1, and γ' = γ[c1 this] 

⟦se;⟧_stmt(p, γ) = ⟦se⟧_expr(p, γ); 

The translation of re-classification to class c consists of the call to the appropriate 
constructor of class c. The current implementor (trueThis.implementor) 
is passed as parameter to the constructor in order to correctly initialize the fields 
of the new implementor. 

⟦this!!c;⟧_stmt(p, γ) = new c(trueThis.implementor); 

4.6 Expressions 

Types of expressions are preserved under the translation, up to state classes: 
more precisely, if a Fickle expression e has type t and t is not a state class, 
then its type is preserved; otherwise, the type of the translation of e is the root 
superclass of t. This is formalized and proven in Sect. 5. 

Simple cases: Values, variables and variable assignment: The translation is 
straightforward. 

⟦sval⟧_expr(p, γ) = sval 

⟦x⟧_expr(p, γ) = x 

⟦x = e⟧_expr(p, γ) = x = ⟦e⟧_expr(p, γ) 

Field selection: as already explained in Sect. 3.1, in the encoding <w,i> of an 
object o of class c, the fields of o are stored in the implementor object i (belonging 
to the class obtained by translating c). Therefore, fields can be accessed 
only through w.implementor on object³ w. Downcasting is needed because field 
implementor has type FickleObject. 

⟦e.f⟧_expr(p, γ) = ((c) ⟦e⟧_expr(p, γ).implementor).f 
  where p, γ ⊢ e : c || c' || φ 

Field assignment: Field f of the wrapper object w denoted by the translation 
of e1 is accessed through the implementor of w; however, e2 could re-classify w, 
therefore the selection w.implementor is correct only after evaluating the translation 
of e2. This is achieved by invoking the auxiliary static method to_f. 

⟦e1.f = e2⟧_expr(p, γ) = c.to_f(⟦e1⟧_expr(p, γ), ⟦e2⟧_expr(p, γ')) 
  where p, γ ⊢ e1 : c || c' || φ, and γ' = γ[c' this] 

³ Note that this is necessary only when c is a state class, while in the other cases 
selection could be performed directly on the object o itself, since w = i = o holds. 
However, to keep the mapping simpler, we do not make this distinction. 
Method invocation: The same considerations as for field assignment apply in this 
case: the method call is performed by calling the auxiliary static method call_m, 
so that the implementor field of the receiver is selected only after evaluating the 
translation of e2. 

⟦e1.m(e2)⟧_expr(p, γ) = c.call_m(⟦e1⟧_expr(p, γ), ⟦e2⟧_expr(p, γ')) 
  where p, γ ⊢ e1 : c || c' || φ, and γ' = γ[c' this] 



Object creation: Creation of instances of a non-state class c only requires invo- 
cation of the default constructor of c. If c is a state class, then two objects must 
be created: the implementor i (created by invoking the default constructor of c), 
and the wrapper w (created by invoking the proper constructor of class 7 ?-(p, c), 
that is, the wrapper class of c). The implementor is passed as parameter to the 
constructor of the wrapper so that fields of w and i can be properly initialized to 
satisfy the equations w. implementor = i and i.trueThis = w. The term TZ{p, c) 
denotes the least superclass of c which is not a state class: If c is a state class, 
then 7 Z(p, c) is its unique root superclass, otherwise TZ{p, c) = c. 

new TZ{p, c)(new c()) if p h c Og 
new c() otherwise 



new cl 



r(P,7) = 



This: The expression this is translated into trueThis because this could 
denote the implementor object i, rather than the wrapper w. Furthermore, the 
actual implementor of w may have changed because of re-classification, therefore 
this may denote an obsolete implementor. Because trueThis has static type 
FickleObject, in order to preserve types, the translation also needs to downcast 
to the root superclass of the type of this. Note that since a state class c cannot 
be used as a type, the translation is statically correct also when this is passed 
as a parameter or assigned to a field. 

$$\llbracket \mathtt{this}\rrbracket_{expr}(p,\gamma) = (\mathcal{R}(p,\gamma(\mathtt{this})))\ \mathtt{trueThis}$$
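As an added illustration (hand-written here, not the translation's generated output), the following Java sketch instantiates the wrapper/implementor scheme of this section for an assumed Fickle hierarchy: a root class Player with state classes Frog and Prince, where kiss() on a Frog re-classifies the object into a Prince. The shape of callm and the body that performs the re-classification are assumptions; the two invariants, the wrapper constructor and the translations of new and this follow the text above.

```java
// Added illustration, not the paper's generated code. Assumed Fickle source:
//   root class Player { int score; String kiss() {...} }
//   state class Frog extends Player { ... }
//   state class Prince extends Player { ... }
// in which kiss() on a Frog re-classifies the object into a Prince.

class FickleObject {
    // An implementor points back to its wrapper. The static type is
    // FickleObject, which is why the translation of 'this' must downcast
    // to the root superclass R(p, c).
    FickleObject trueThis;
}

/** Root class, doubling as the wrapper class R(p, c) for Frog and Prince. */
class Player extends FickleObject {
    Player implementor;  // the current implementor i
    int score;

    /** Non-state instance: wrapper, implementor and object coincide (w = i = o). */
    Player() {
        implementor = this;
        trueThis = this;
    }

    /** Wrapper constructor: [[new Frog]] = new Player(new Frog()). */
    Player(Player impl) {
        implementor = impl;      // invariant w.implementor = i
        impl.trueThis = this;    // invariant i.trueThis = w
        score = impl.score;      // root fields are kept on both objects (Definition 1)
    }

    String kiss() {
        return "nothing happens";
    }

    /**
     * Auxiliary static method (assumed shape of callm): the implementor field
     * of the receiver is read only after every argument has been evaluated,
     * so a re-classification of the receiver caused by an argument is seen.
     */
    static String callm_kiss(Player receiver) {
        return receiver.implementor.kiss();
    }
}

class Frog extends Player {
    @Override
    String kiss() {
        // Translation of 'this': the live object is the wrapper reached through
        // trueThis, not the Java 'this', which becomes obsolete a few lines below.
        Player w = (Player) trueThis;
        // Assumed translation of re-classifying this into Prince.
        Prince p = new Prince();
        p.score = w.score + 1;
        w.implementor = p;       // re-establish w.implementor = i
        p.trueThis = w;          // re-establish i.trueThis = w
        return "frog became a prince";
    }
}

class Prince extends Player {
    @Override
    String kiss() {
        return "already a prince";
    }
}

public class FickleDemo {
    public static void main(String[] args) {
        Player w = new Player(new Frog());                // [[new Frog]]_expr
        System.out.println(Player.callm_kiss(w));         // frog became a prince
        System.out.println(Player.callm_kiss(w));         // already a prince
        System.out.println(w.implementor.trueThis == w);  // true: invariants survive
    }
}
```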



5 Properties of the Translation 

In this section we formalize the properties of the translation previously men- 
tioned. For lack of space we only sketch some proofs which will be detailed in a 
future extended version of this paper. 



Preservation of Static Correctness 

Theorem 1. For any Fickle program p, if p is well-typed (in Fickle), then $\llbracket p\rrbracket_{prog}$ 
is well-typed (in Java). 

Footnote: Note that this downcasting is only necessary when this is used for parameter passing 
or assignments, and is unnecessary when this is used in method calls or field selection. 
This is so because in the latter cases the field implementor of the object denoted 
by trueThis must be selected, and implementor is declared in the type of trueThis. 
But, as already stated, we do not consider such optimization issues. 
In order to be proved, the claim of the theorem must be extended to all 
subterms of p and, hence, to all typing judgments. The strengthened claim can 
be proved by induction on the typing rules. The claim concerning the judgment for 
expressions is the most interesting, hence it is stated below. 

The translation preserves types up to state classes, in the following sense: if 
a Fickle expression e has type t w.r.t. a program p and an environment $\gamma$, and e 
is translated into a Java expression e' that has type t' w.r.t. $\llbracket p\rrbracket$ and $\gamma$, then 
t = t' when t is not a state class, and t' is the root superclass of t when t is 
a state class. For the Java fragment obtained from the translation we can use the 
Fickle type system, so that for any well-typed Java expression e we can derive 
judgments of the form $p, \gamma \vdash e : t \parallel \gamma(\mathtt{this}) \parallel \emptyset$, where t is the type of e. 

The fact that the type of this remains the same, and the set of effects is empty 
indicates that e contains no re-classifications. 

The claim for expressions can be formalized as follows: 

Lemma 1. For any Fickle expression e, program p, environment $\gamma$, if 

- $p, \gamma \vdash e : t \parallel c \parallel \phi$, and 

- $\llbracket e\rrbracket_{expr}(p,\gamma) = e'$, and 

- $\llbracket p\rrbracket_{prog} = p'$, 

then 

- $p', \gamma \vdash e' : \mathcal{R}(p,t) \parallel \gamma(\mathtt{this}) \parallel \emptyset$. 

Preservation of Dynamic Semantics We now show that the semantics of expressions 
is preserved by the translation. The semantics of the language Fickle we 
consider is the one introduced in [4]. Such semantics rewrites pairs of expressions 
and stores into pairs of values (or the exception nullPntrExc, indicating a reference 
to a null object), and stores. Values, denoted by v, are either booleans, or 
integers, or addresses, denoted by $\iota$. Stores map the unique parameter x and the 
receiver this to values and addresses to objects. Objects are mappings between 
fields and values tagged by the class they belong to: $[\![f_1 : v_1, \ldots, f_r : v_r]\!]^{c}$. We 
use o as a metavariable for objects, and if f is a field of o, o(f) is the value 
associated to f in o. 

The rewriting, defined in the context of a given program p that provides 
the definition for the classes used in the expression, is defined by the judgment 
$e, \sigma \leadsto_p v, \sigma'$. The syntax of Fickle and the one of the Java fragment considered 
here are slightly different from the language of [4]. In particular there is a 
distinction between statements and expressions, and classes have constructors. 
However, the definition of the semantics in [4] can be easily adapted to deal with 
these features. Note that the Java fragment also contains casting. However, we 
do not need rules for casting, since well-typing ensures that casting is applied 
to objects that already have the target type. 

Footnote: Recall that, for simplicity, we assume that in Fickle syntax each method definition 
has a unique parameter denoted by x. 
To state the semantic correctness result we introduce a relation between 
stores $p \vdash \sigma \approx \sigma'$ that expresses the fact that store $\sigma'$ is the "translation" of 
store $\sigma$. That is, an object o of class c in $\sigma$ corresponds univocally to an object 
o' in $\sigma'$ that is an instance of the translation of the class c. Both the store $\sigma$ and 
the store $\sigma'$ are assumed to agree with the relative environments and programs. 
That is, they contain values which agree, w.r.t. typing, with their definitions 
(see [4] for the formal definition of $p, \gamma \vdash \sigma\ \diamond$). 

Definition 1. Let $p, \gamma \vdash \sigma\ \diamond$ and $\llbracket p\rrbracket, \gamma \vdash \sigma'\ \diamond$. We say that v' in $\sigma'$ corresponds 
to v in $\sigma$ w.r.t. p, and write $p, \sigma, \sigma' \vdash v \approx v'$, if either of the following conditions 
hold: 

- $v = v' = \mathtt{true}$, or $v = v' = \mathtt{false}$, or $v = v' = n$ (for some integer n), or 
$v = v' = \mathtt{null}$, or 

- $v = \iota$, $v' = \iota'$, 
$\sigma(\iota) = [\![f_1 : v_1, \ldots, f_r : v_r]\!]^{c}$, 
$\sigma'(\iota') = [\![f_1 : v'_1, \ldots, f_q : v'_q, \mathtt{impl} : \iota'', \mathtt{trueThis} : \iota']\!]^{\mathcal{R}(p,c)}$ ($q \le r$), and 
$\sigma'(\iota'') = [\![f_1 : v''_1, \ldots, f_r : v''_r, \mathtt{impl} : \iota'', \mathtt{trueThis} : \iota']\!]^{c}$, and 
for all i, $1 \le i \le r$, $p, \sigma, \sigma' \vdash v_i \approx v''_i$, and 
if c is not a state class, then $\iota' = \iota''$. 

Note that if c is not a state class, then $\mathcal{R}(p, c) = c$, and so q = r. With this 
notion of correspondence between values we can define a correspondence between 
stores. 

Definition 2. Let $p, \gamma \vdash \sigma\ \diamond$ and $\llbracket p\rrbracket, \gamma \vdash \sigma'\ \diamond$. We say that store $\sigma'$ corresponds 
to $\sigma$ w.r.t. p, and write $p \vdash \sigma \approx \sigma'$, if 

1. $p, \sigma, \sigma' \vdash \sigma(\mathtt{x}) \approx \sigma'(\mathtt{x})$, 

2. $p, \sigma, \sigma' \vdash \sigma(\mathtt{this}) \approx (\sigma'(\mathtt{this}))(\mathtt{trueThis})$, and 

3. for all $\iota$, if $\sigma(\iota)$ is defined there is a unique $\iota'$ such that $p, \sigma, \sigma' \vdash \iota \approx \iota'$, and 

4. for all $\iota'$, if $\sigma'(\iota')$ is defined there is a unique $\iota$ such that 
$p, \sigma, \sigma' \vdash \iota \approx (\sigma'(\iota'))(\mathtt{trueThis})$. 

The last two conditions of the previous definition assert that there is an injection 
between the set of addresses defined in $\sigma$ and the set of addresses defined in $\sigma'$. 

Theorem 2. For a well-typed expression e, stores $\sigma_0$ and $\sigma_1$ such that $p, \gamma \vdash \sigma_0\ \diamond$, 
$\llbracket p\rrbracket, \gamma \vdash \sigma_1\ \diamond$ and $p \vdash \sigma_0 \approx \sigma_1$, 

$$e, \sigma_0 \leadsto_p v, \sigma'_0 \quad\text{if and only if}\quad \llbracket e\rrbracket, \sigma_1 \leadsto_{\llbracket p\rrbracket} v', \sigma'_1$$

where $p \vdash \sigma'_0 \approx \sigma'_1$ and $p, \sigma'_0, \sigma'_1 \vdash v \approx v'$. 

The proof is by induction on the derivation of $e, \sigma \leadsto_p v, \sigma'$. The proof that, 
in case of field selection and method call, the right method is selected relies on 
the following fact. If $p \vdash \sigma \approx \sigma'$, then: for all $\iota$ and c, $\sigma(\iota) = [\![\cdots]\!]^{c}$ implies 
$\sigma'(\sigma'(\iota')(\mathtt{impl})) = [\![\cdots]\!]^{c}$, where $p, \sigma, \sigma' \vdash \iota \approx \iota'$. 






Davide Ancona et al. 



Support for Separate Compilation For any Fickle program p, let classes(p) 
denote the set of all classes defined in p, and, for each class c in classes(p), $dep_p(c)$ 
the set of all superclasses of c and of all classes (either directly or indirectly) 
used by c (for reasons of space we omit the formal definitions). The following 
claim states that a Fickle class declaration can be successfully translated in 
a Fickle program p whenever the set of dependencies of c is contained in p, 
exactly as happens for Java compilation. 

Theorem 3. For any well-formed Fickle program p and class declaration cld 
in p, if $dep_p(class(cld)) \subseteq classes(p)$, then $\llbracket cld\rrbracket_{cld}(p)$ is well-defined. 

Let strip be the function on Fickle programs defined as follows: 

$$\begin{array}{l}
strip(cld_1 \ldots cld_n) = strip(cld_1) \ldots strip(cld_n) \\
strip([\mathtt{root} \mid \mathtt{state}]\ \mathtt{class}\ c\ \mathtt{extends}\ c'\ \{field^*\ meth^*\}) = [\mathtt{root} \mid \mathtt{state}]\ \mathtt{class}\ c\ \mathtt{extends}\ c'\ \{field^*\ strip(meth^*)\} \\
strip(meth_1 \ldots meth_n) = strip(meth_1) \ldots strip(meth_n) \\
strip(t\ m(t'\ x)\ \phi\ \{sl\ \mathtt{return}\ e;\}) = t\ m(t'\ x)\ \phi\ \{\mathtt{return}\ v(t);\}
\end{array}$$

$$v(t) = \begin{cases} \mathtt{false} & \text{if } t = \mathtt{boolean} \\ 0 & \text{if } t = \mathtt{int} \\ \mathtt{null} & \text{otherwise} \end{cases}$$

The following theorem states that the translation of a Fickle class c depends only on 
the body of c and the type information of all other classes, namely, class kind, 
parent class, method headers and field declarations. This information is stored 
in a regular Java class file, therefore the translation of c can be successfully 
carried out also when only the binary files of the other classes are available. 

Theorem 4. For any Fickle program p and Fickle class declaration $cld_1$, if 
$\llbracket cld_1\rrbracket_{cld}(p) = cld_2$, then $\llbracket cld_1\rrbracket_{cld}(strip(p)) = cld_2$. 



6 Conclusion 

We have defined a translation from Fickle (a Java-like language supporting dynamic 
object re-classification) into plain Java, and proved that this translation 
is well-behaved in the sense that it preserves static and dynamic semantics. This 
is a nice theoretical result, strengthened by the fact that, in order to ensure 
these properties, we were able to identify some invariants which turned out to 
be a very useful guide to the translation. 

Our concerns are not only theoretical, but we are interested in investigating 
the possibility of implementing an extension of Java with re-classification. From 
this point of view, our translation is a good basis since it exhibits the following 
additional properties: 

Footnote: Except for the kinds root and state, but the class file format can be easily extended 
for storing this new piece of information. 

Footnote: Note that this property does not depend on Java support for reflection. 
- it is fully compatible with Java separate compilation, since each Fickle class 
can be translated without having other class bodies, hence in principle only 
having other classes in binary form; 

- dependencies among classes are exactly those of standard Java compilation, 
in the sense that a Fickle class can be translated only if type information on 
all the ancestor and used classes is available. 

Our translation is similar both in the structure of classes and in their behavior 
to the state pattern, see [5]. The wrapper class corresponds to the context class 
(of the pattern) and the implementation to the state class. Access to members 
requires a level of indirection, as in the state pattern. So from the point of view 
of efficiency our implementation of re-classification performs as well as the state 
pattern. On the other hand, our translation maintains the structure of the original 
hierarchy, whereas the state pattern does not. 

A prototype implementation largely based on the translation described in 
this paper has already been developed [2]. However, the work presented here 
is only a first step towards a working extension of Java with dynamic object 
re-classification. On one side, an extension of full Java should take into ac- 
count other Java features (like constructors, access modifiers, abstract classes, 
interfaces, overloading and casting) which, though in principle orthogonal to 
re-classification, should be carefully analyzed in order to be sure that the inter- 
action behaves correctly. On the other side, as mentioned above, an extended 
compiler should be able to work even in a context where only binary files are 
available, while our prototype implementation works on source files. 

Finally, an alternative direction for the implementation of Fickle (or, more 
generally, of an object-oriented language supporting dynamic re-classification of 
objects) could be in a direct way, through manipulation of the object layout or 
the object look-up tables. 

References 

1. D. Ancona, G. Lagorio, and E. Zucca. Jam - a smooth extension of Java with 
mixins. In ECOOP'00, volume 1850 of LNCS, pages 154-178. Springer, 2000. 216 

2. Christopher Anderson. Implementing Fickle, Imperial College, final year thesis - to 
appear, June 2001. 217, 233 

3. C. Chambers. Predicate Classes. In ECOOP'93, volume 707 of LNCS, pages 268-296. 
Springer, 1993. 215 

4. S. Drossopoulou, F. Damiani, M. Dezani-Ciancaglini, and P. Giannini. Fickle: Dynamic 
object re-classification. In J. L. Knudsen, editor, ECOOP'01, number 2072 
in LNCS, pages 130-149. Springer, 2001. Also available in: Electronic proceedings 
of FOOL8 (http://www.cs.williams.edu/~kim/FOOL/). 215, 216, 217, 225, 227, 
230, 231 

5. E. Gamma, R. Helm, R. Johnson, and J. Vlissides. Design Patterns. Addison-Wesley, 
1994. 233 



Footnote: The prototype is written in Java. Future releases might be written in (extended) 
Fickle. 






6. M. D. Ernst, C. Kaplan, and C. Chambers. Predicate Dispatching: A Unified Theory 
of Dispatch. In ECOOP’98, volume 1445 of LNCS, pages 186-211. Springer, 1998. 
215 

7. M. Serrano. Wide Classes. In ECOOP’99, volume 1628 of LNCS, pages 391-415. 
Springer, 1999. 215 



Subtyping and Matching for Mobile Objects* 

Michele Bugliesi¹, Giuseppe Castagna², and Silvia Crafa¹,² 

¹ Dipartimento di Informatica, Univ. "Ca' Foscari", Venezia, Italy 

² Département d'Informatique, École Normale Supérieure, Paris, France 



Abstract. In [BCC00], we presented a general framework for extending 
calculi of mobile agents with object-oriented features, and we studied 
a typed instance of that model based on Cardelli and Gordon's Mobile 
Ambients. Here, we refine our earlier work and define a new calculus 
which is based on Remote Procedure Call as the underlying protocol for 
method invocation, and on a different typing technique for method bodies. 
The new type system is equipped with a subtyping and a matching 
relation: the combination of matching with subtyping provides new insight 
into the relationship between ambient opening in the new calculus 
and method overriding in object-oriented calculi. 



1 Introduction 

Calculi of mobile agents are receiving increasing interest in the programming 
language community as advances in computer communications and hardware 
enhance the development of large-scale distributed programming. Agents are 
effective entities that perform computation and interact with other agents: the 
term “mobile” implies that agents are bound to locations and that this binding 
may vary over time; agent interaction, in turn, is achieved using resources such 
as communication channels. 

Independently of the new trends in communication technology, object-oriented 
programming has established itself as the de-facto standard for a principled de- 
sign of complex software systems. 

Drawing on our earlier work [BC00, BCC00], in this paper we study a formal 
calculus that integrates object-oriented constructs into calculi of mobile agents. 
The resulting calculus provides foundations for a computation model for distributed 
applications, where conventional client-server technology (based on 
remote exchange of messages between static sites) and mobile agents coexist 
in a uniform way. 

The model results from extending the structure of named agents in the style 
of Mobile Ambients [CG98] with method definitions and primitive constructs for 
self denotation and message passing. The extension has interesting payoffs, as 
it leads to a principled approach to structuring agents: specifically, introducing 
methods and message passing as primitive, rather than encoding them on top 
of the underlying calculus of agents, leads to a rich and precise notion of agent 
interface and type. Furthermore, it opens the way to reusing the advances in 
type systems of object-oriented programming and static analysis. 

With respect to our earlier work [BC00, BCC00] this paper brings two main 
contributions to the calculus. For the operational semantics, we study a new 
model of message passing and method invocation based on Remote Procedure 
Call (RPC). For the type system, we discuss a non-trivial blend of matching 
and subtyping relations. Method invocation based on RPC fits nicely the design 
of a typed distributed calculus as it allows method bodies to be type-checked 
locally, in the object where they are defined, independently of the caller. As a 
consequence, the choice of RPC as the underlying semantics of method invocation 
yields a notion of interface-type for our mobile objects that is substantially simpler 
and more tractable than the corresponding notion defined in [BCC00]. The 
combination of subtyping and matching, in turn, conveys new insight into the 
relationship between method overriding in object-oriented calculi and the open 
capability in our mobile objects. As we show, matching is necessary in the type 
system to ensure type soundness for object opening in the presence of subtyping. 

Plan of the paper In Section 2 we introduce the calculus of mobile objects, 
named MA++ , based on the calculus of Mobile Ambients by [Car99, CG98]. 
Section 3 illustrates the expressive power of the calculus with several, diversified, 
examples. In Section 4 we study the type theory of our calculus, and state 
relevant properties. Related work is discussed in Section 5. Final remarks in 
Section 6 conclude our presentation with a discussion on current and future 
work. 

2 MA++ 

The syntax of the calculus is essentially the same as that originally defined 
in [BCC00], and results from generalizing the structure of ambients to include 
method definitions, or interfaces, as in $a[I; P]$, where P is a process and I is 
a list of method definitions, defined by the following productions: 

$$\begin{array}{llll}
\text{Processes} & P ::= & 0 & \text{inactivity} \\
 & \mid & P \mid P & \text{parallel composition} \\
 & \mid & a[I; P] & \text{ambient} \\
 & \mid & (\nu x)P & \text{restriction} \\
 & \mid & M.P & \text{action}
\end{array}$$

Footnote: RPC is often referred to as Remote Method Invocation (RMI) in this context. 

Footnote: The new version of the type system also rectifies a flaw of the type system we 
presented in [BCC00]. 
$$\begin{array}{llll}
\text{Interfaces} & I ::= & \ell(\mathbf{x}) \triangleright \varsigma(z)P & \text{method} \\
 & \mid & I :: J & \text{sequence} \\
 & \mid & \varepsilon & \text{empty interface} \\[1ex]
\text{Patterns} & \mathbf{x} ::= & x & \text{variable} \\
 & \mid & (x_1, \ldots, x_n) & \text{tuple } (n \ge 1)
\end{array}$$

The syntax of processes is a generalization of the combinatorial kernel of the 
Ambient Calculus: 0 denotes the inactive process, $P \mid Q$ the parallel composition 
of two processes P and Q, $a[I; P]$ denotes the object named a with interface 
I and enclosed process P, $(\nu x)P$ restricts the name x to P, and finally M.P 
performs the action described by the term M and then continues as P. 

Interfaces are lists of labels with associated processes: the syntactic form 
$\ell(\mathbf{x}) \triangleright \varsigma(z)P$ denotes a method labeled $\ell$ whose associated body is the process P 
where the $\varsigma$-bound variable z is the self parameter distinctive of object calculi, 
representing the method's host object. Finally, the pattern $\mathbf{x}$ is the tuple of input 
parameters for P. 



$$\begin{array}{llll}
\text{Terms} & M, N ::= & a, b, \ldots, x, y, \ldots & \text{name/variable} \\
 & \mid & (M_1, \ldots, M_n) & \text{tuple } (n \ge 0) \\
 & \mid & M.M & \text{path} \\
 & \mid & \varepsilon & \text{empty path} \\
 & \mid & \mathsf{in}\ a & \text{enter } a \\
 & \mid & \mathsf{out}\ a & \text{exit } a \\
 & \mid & \mathsf{open}\ a & \text{open } a \\
 & \mid & a\ \mathsf{send}\ \ell(M) & \text{remote invocation}
\end{array}$$

Terms include the capabilities distinctive of Mobile Ambients. In addition, our 
ambients are equipped with a capability for remote method invocation: the expression 
$a\ \mathsf{send}\ \ell(M)$ invokes the method labeled $\ell$ residing on the object denoted 
by a with arguments M. 

In the following we let P, Q, R, ... range over processes, I, J over (possibly 
empty) interfaces, and use lower case letters to denote generic names, reserving 
a, b, ... for ambient names, and x, y, ... for parameters, whenever possible. 
Method names, denoted $\ell$, range over a disjoint alphabet and have a different 
status: they are fixed labels that may not be restricted, abstracted upon, nor 
passed as values (they are similar to field labels in record-based calculi). We omit 
trailing or isolated 0 processes and empty interfaces, using M, a[I], a[P], and 
a[ ] as shorthands for, respectively, M.0, a[I; 0], a[$\varepsilon$; P], and a[$\varepsilon$; 0]. 
Throughout, we use the terms "ambient" and "object" interchangeably. 



2.1 Operational Semantics 

We define the operational semantics of the calculus by means of a structural 
congruence and a reduction relation. As usual, the former is used to rearrange 
a term in order to apply the latter. 
Structural Congruence Structural congruence for processes is defined in terms 
of an auxiliary equivalence relation $\equiv_I$ over interfaces, given in Figure 1. This 
relation allows method definitions to be reordered without affecting the behavior 
of the enclosing object: reordering of methods, in turn, is used to define the 
reduction of method invocation. 



$$\begin{array}{ll}
\text{(Eq Meth Assoc)} & (I :: J) :: L \ \equiv_I\ I :: (J :: L) \\[1ex]
\text{(Eq Meth Comm)} & I :: m(\mathbf{x}_m) \triangleright P :: \ell(\mathbf{y}_\ell) \triangleright Q \ \equiv_I\ I :: \ell(\mathbf{y}_\ell) \triangleright Q :: m(\mathbf{x}_m) \triangleright P \qquad \ell \ne m \\[1ex]
\text{(Eq Meth Over)} & I :: \ell(\mathbf{x}) \triangleright P :: \ell(\mathbf{x}) \triangleright Q \ \equiv_I\ I :: \ell(\mathbf{x}) \triangleright Q
\end{array}$$

Fig. 1. Equivalence for methods 



Definitions for methods with different name and/or arity may freely be per- 
muted (Eq Meth Comm); instead, if the same method has multiple definitions, 
then the right-most definition overrides the remaining ones (Eq Meth Over). Sim- 
ilar notions of equivalence can be found in the literature on objects: in fact, our 
definition is directly inspired by the bookkeeping relation introduced in [FHM94]. 

Structural congruence of processes is defined as the smallest congruence that 
forms a commutative monoid with product | and unit 0, and is closed under 
the rules in Figure 2, where the set fn of free names is defined by a standard 
extension of the definition in [Car99] . 



$$\begin{array}{lll}
\text{(Struct Res Dead)} & (\nu x)0 \equiv 0 & \\
\text{(Struct Res Res)} & (\nu x)(\nu y)P \equiv (\nu y)(\nu x)P & x \ne y \\
\text{(Struct Res Par)} & (\nu x)(P \mid Q) \equiv P \mid (\nu x)Q & x \notin fn(P) \\
\text{(Struct Res Amb)} & (\nu p)a[I; P] \equiv a[I; (\nu p)P] & p \notin fn(I) \cup \{a\} \\
\text{(Struct Path Assoc)} & (M.M').P \equiv M.M'.P & \\
\text{(Struct Empty Path)} & \varepsilon.P \equiv P & \\
\text{(Struct Cong Amb Meth)} & I \equiv_I J \Rightarrow a[I; P] \equiv a[J; P] &
\end{array}$$

Fig. 2. Structural congruence for processes 



The first block of clauses are the rules of the $\pi$-calculus. The rule (Struct Path 
Assoc) is a structural equivalence rule for the Ambient Calculus, while the rule 
(Struct Res Amb) modifies the rule for ambients in the Ambient Calculus to 
account for the presence of methods. Rule (Struct Cong Amb Meth) establishes 
ambient equivalence up to reordering of method suites. In addition, we identify 
processes up to renaming of bound names: $(\nu p)P \equiv (\nu q)P\{p := q\}$ if $q \notin fn(P)$. 






Reduction Relation The reduction semantics of the calculus is given by the 
context rules in Figure 3, plus the notions of reduction collected in Figure 4, 
that we comment below. 



$$\begin{array}{l}
P' \equiv P,\ P \to Q,\ Q \equiv Q' \ \Rightarrow\ P' \to Q' \\
P \to Q \ \Rightarrow\ a[I; P] \to a[I; Q] \\
P \to Q \ \Rightarrow\ (\nu x)P \to (\nu x)Q \\
P \to Q \ \Rightarrow\ P \mid R \to Q \mid R
\end{array}$$

Fig. 3. Structural rules for reduction 






$$\begin{array}{ll}
(in) & b[I; \mathsf{in}\ a.P \mid Q] \mid a[J; R] \ \to\ a[J; R \mid b[I; P \mid Q]] \\[1ex]
(out) & a[I; b[J; \mathsf{out}\ a.P \mid Q] \mid R] \ \to\ b[J; P \mid Q] \mid a[I; R] \\[1ex]
(open) & \mathsf{open}\ a.P \mid a[Q] \ \to\ P \mid Q \\[1ex]
(update) & b[I; \mathsf{open}\ a.P \mid a[J; Q] \mid R] \ \to\ b[I :: J; P \mid Q \mid R] \qquad \text{for } J \ne \varepsilon \\[1ex]
(send) & b[I; a\ \mathsf{send}\ \ell(M).P \mid Q] \mid a[J :: \ell(\mathbf{x}) \triangleright \varsigma(z)R; S] \\
 & \quad \to\ b[I; P \mid Q] \mid a[J :: \ell(\mathbf{x}) \triangleright \varsigma(z)R; R\{z, \mathbf{x} := a, M\} \mid S]
\end{array}$$

Fig. 4. MA++ reduction rules 



The first three rules are exactly the same as the corresponding rules for Mobile 
Ambients. Rule (update) is a direct generalization of the open rule that 
handles the case when the opened ambient contains a non-empty set of method 
definitions. If a is one such ambient, open a may only be reduced within an 
enclosing ambient: as a result of reduction, the process local to a is unleashed 
within the opening ambient, and the interfaces of the opening and the opened 
ambients are merged as shown by the definition of the rule. The rule (send) handles 
the new syntactic construct for method invocation, implementing the RPC 
model. The notation $R\{z, \mathbf{x} := a, M\}$ indicates the simultaneous substitution 
in R of a for z and of M for $\mathbf{x}$. Informally, the result of the ambient b sending 
message $\ell$ to its sibling a, with argument M, is the activation of the process 
associated with $\ell$ on the receiver a, with M substituted for the input pattern $\mathbf{x}$ 
and the self parameter dynamically bound to the name of the receiver. 

3 Expressive Power 

We discuss a number of constructs that can be expressed in our calculus, in- 
cluding constructs for method overriding distinctive of object calculi, various 
forms of process communication, as well as different primitives of method invocation. 
Some of these examples have already been presented in our earlier 
work [BCC00] where, however, they were defined in terms of a different semantics 
for method invocation based on Code On Demand. Throughout this section, 
we use the terms "protocol" and "encoding" as synonyms: technically, this is an 
abuse of terminology, as we don't claim the protocols to really be encodings, i.e. 
interference-free simulations of the constructs in question. 

3.1 Parent-Child and Local Communications 

As a first example, we look at alternative models for method invocation. Having 
chosen RPC as our primitive semantics, we now discuss other models, 
such as those described in Figure 5, for sending messages from an ambient to its 
parent or children, or to its own methods. 



$$\begin{array}{ll}
(downsend) & a\ \mathsf{downsend}\ \ell(M).P \mid a[I :: \ell(\mathbf{x}) \triangleright \varsigma(z)Q; R] \\
 & \quad \to\ P \mid a[I :: \ell(\mathbf{x}) \triangleright \varsigma(z)Q; R \mid Q\{z := a, \mathbf{x} := M\}] \\[1ex]
(upsend) & a[I :: \ell(\mathbf{x}) \triangleright \varsigma(z)Q; R \mid b[J; a\ \mathsf{upsend}\ \ell(M).P]] \\
 & \quad \to\ a[I :: \ell(\mathbf{x}) \triangleright \varsigma(z)Q; R \mid Q\{z := a, \mathbf{x} := M\} \mid b[J; P]] \\[1ex]
(local) & a[I :: \ell(\mathbf{x}) \triangleright \varsigma(z)Q; a\ \mathsf{local}\ \ell(M).P_1 \mid P_2] \\
 & \quad \to\ a[I :: \ell(\mathbf{x}) \triangleright \varsigma(z)Q; Q\{z, \mathbf{x} := a, M\} \mid P_1 \mid P_2]
\end{array}$$

Fig. 5. Other constructs for method invocation 



Parent-to-child invocation. The intended behavior for this form of method invocation 
can be obtained by defining the construct for downward method invocation 
as follows, where $p, q \notin fn(M) \cup fn(P)$: 

$$a\ \mathsf{downsend}\ \ell(M).P \ =\ (\nu p, q)\,(p[\,a\ \mathsf{send}\ \ell(M).q[\mathsf{out}\ p]\,] \mid \mathsf{open}\ q.\mathsf{open}\ p.P)$$

Informally, we temporarily create a new ambient p that becomes a sibling of the 
receiver a on which it invokes the method; the ambient q is used for synchronization, 
to guarantee that the ambient p be destroyed only after the receiver has 
served the invocation. It is a routine check to verify that the desired effect of the 
invocation is achieved by a sequence of reduction steps. To ease the notation, 
we give the reduction steps in the simplified case of a method which does not 
have parameters and does not depend on self (neither of the two simplifications 
affects the protocol): 

$$\begin{array}{l}
a\ \mathsf{downsend}\ \ell.P \mid a[\ell \triangleright Q; R] \\
\quad \equiv\ (\nu p, q)\,(p[\,a\ \mathsf{send}\ \ell(M).q[\mathsf{out}\ p]\,] \mid \mathsf{open}\ q.\mathsf{open}\ p.P) \mid a[\ell \triangleright Q; R] \\
\quad \to\ (\nu p, q)\,(p[\,q[\mathsf{out}\ p]\,] \mid \mathsf{open}\ q.\mathsf{open}\ p.P) \mid a[\ell \triangleright Q; R \mid Q] \\
\quad \to\ (\nu p, q)\,(p[\,] \mid q[\,] \mid \mathsf{open}\ q.\mathsf{open}\ p.P) \mid a[\ell \triangleright Q; R \mid Q] \\
\quad \to^*\ P \mid a[\ell \triangleright Q; R \mid Q]
\end{array}$$

Local and Self Invocation. Local method invocation within an ambient a is encoded 
similarly to the previous case. Choosing $p, q \notin fn(M) \cup fn(P)$, one defines: 

$$a\ \mathsf{local}\ \ell(M).P \ =\ (\nu p, q)\,(p[\,\mathsf{out}\ a.\,a\ \mathsf{send}\ \ell(M).\mathsf{in}\ a.q[\mathsf{out}\ p]\,] \mid \mathsf{open}\ q.\mathsf{open}\ p.P)$$

Relying upon this definition, it is then easy to define self-invocation within 
method bodies. To exemplify, consider the following process: 

$$a[\,\ell_1(x) \triangleright \varsigma(z)\,z\ \mathsf{local}\ \ell_2(x) :: \ell_2(x) \triangleright P;\ R\,]$$

Invoking the method $\ell_1$ from outside the object a results in the execution of the 
process P in parallel with R within a. 

Child-to-parent. We conclude our survey of alternative models of method invocation 
with a form of upward invocation, whereby an ambient invokes a method 
residing in the enclosing ambient. A first definition of the construct is simply 

$$a\ \mathsf{upsend}\ \ell(M).P \ =\ \mathsf{out}\ a.\,a\ \mathsf{send}\ \ell(M).\mathsf{in}\ a.P$$

One problem with this definition is that it requires a move of the sender. As 
an alternative, one may envisage a different protocol that relies on an auxiliary 
ambient. Assume that the invocation occurs within an object b, and that b is 
directly enclosed into a: 

$$a\ \mathsf{upsend}\ \ell(M).P \ =\ (\nu p, q)\,(p[\,\mathsf{out}\ b.\,\mathsf{out}\ a.\,a\ \mathsf{send}\ \ell(M).\mathsf{in}\ a.\,\mathsf{in}\ b.\,q[\mathsf{out}\ p]\,] \mid \mathsf{open}\ q.\mathsf{open}\ p.P)$$

The definition is easily understood by simply looking at the chain of capabilities 
inside the ambient p. First, the ambient p exits its parent ambient b, then exits 
the ambient a (that contains the method to be invoked), then performs the 
message send and is finally destroyed after having opened the locking ambient q. 
It should be noted that a formal specification of the protocol requires that the 
definition be given parametrically with respect to the enclosing ambient (b in 
the definition given above). 
3.2 Replication 

The behavior of replication in concurrent calculi is typically defined by a structural 
equivalence rule establishing that $!P \equiv\ !P \mid P$. In our calculus, we can 
provide a similar construct by relying upon the implicit form of recursion underlying 
the reduction of method invocation. Let $p, q \notin fn(P)$: 

$$!P \ =\ (\nu p, q)\,(p\ \mathsf{downsend}\ !().\mathsf{open}\ q.P \mid p[\,!() \triangleright \varsigma(z)(q[\mathsf{out}\ z.\,z\ \mathsf{downsend}\ !().\mathsf{open}\ q.P]);\ ])$$

The reduction for the encoding of !P is then the following: 

$$\begin{array}{l}
!P \ \equiv\ (\nu p, q)\,(p\ \mathsf{downsend}\ !().\mathsf{open}\ q.P \mid p[\,! \triangleright \varsigma(z)(q[\cdots]);\ ]) \\
\quad \to\ (\nu p, q)\,(\mathsf{open}\ q.P \mid p[\,! \triangleright \varsigma(z)(\ldots);\ q[\mathsf{out}\ p.\,p\ \mathsf{downsend}\ !().\mathsf{open}\ q.P]\,]) \\
\quad \to\ (\nu p, q)\,(\mathsf{open}\ q.P \mid q[\,p\ \mathsf{downsend}\ !().\mathsf{open}\ q.P\,] \mid p[\,! \triangleright \varsigma(z)(\ldots);\ ]) \\
\quad \to\ (\nu p, q)\,(P \mid p\ \mathsf{downsend}\ !().\mathsf{open}\ q.P \mid p[\,! \triangleright \varsigma(z)(\ldots);\ ]) \\
\quad \equiv\ P \mid\ !P
\end{array}$$

Notice that there is just one capability ready to be exercised at each reduc- 
tion step. Furthermore, the process P is activated only after the opening of the 
ambient q, hence it does not interfere with the protocol. 

3.3 Code on Demand 

We continue our series of examples showing a protocol for method invocation 
based on Code on Demand (CoD). The behavior of CoD can be described as follows: 
a client c invokes a method $\ell$ on a server s; the server activates the method 
and then sends it back to the client for the latter to execute it. Formally this 
corresponds to the following reduction rule: 

$$c[J; s\ \mathsf{send\_cod}\ \ell(M).P \mid S] \mid s[I :: \ell(\mathbf{x}) \triangleright \varsigma(z)Q; R] \ \to\ c[J; Q\{z, \mathbf{x} := s, M\} \mid P \mid S] \mid s[I :: \ell(\mathbf{x}) \triangleright \varsigma(z)Q; R]$$

The intended behavior can be obtained by defining the sender and the receiver 
ambients as follows: 

$$\begin{array}{l}
server \ =\ s[I :: \ell(u, v, \mathbf{x}) \triangleright \varsigma(z)\,u[\mathsf{out}\ z.\,\mathsf{in}\ v.Q];\ R] \\
client \ =\ c[J;\ (\nu p)\,s\ \mathsf{send}\ \ell(p, c, M).\mathsf{open}\ p.P \mid S]
\end{array}$$

The protocol relies on the agreement between the server and the client upon 
the name of the ambient that carries the activated process back to the client. 
This name is decided locally by the client which passes it as an argument of the 
call together with its own name. Invoking $\ell(p, c, M)$ spawns a new process on 
the server that simply carries the ambient p out of the server and back into the 
client c: once inside c, the transport ambient p is opened, thus unleashing the 
process Q to be executed on the client. 

The protocol can be refined by having the client pass a “return path” rather 
than just its name. In that case, the client would be in the position to choose 
where to receive and execute the requested method (e.g. , in one of its subam- 
bients). 

3.4 Updates 

The standard notion of method override in formal object calculi [AC96, FHM94] 
can be rephrased in our calculus, as follows: 

given the ambient a[ I ::£{x) > Q ] replace the current definition P 

of £ by the new definition P' to form the ambient a[ I :: £{x) > <,{z)P'] Q ] . 

Method updates in this form can be expressed in our calculus by means of a pro- 
tocol that uses an “updater” ambient to carry the new method body inside the 
ambient to be updated. The updater enters the ambient a to be updated, and 
the latter has a controlling process that opens the updater thus allowing updates 
on its own methods. The protocol is defined precisely below in an asynchronous 
setting, with the update defined as a process term: a similar encoding can be 
defined for synchronous updates. Moreover, the definition only allows local up- 
dates, in that an ambient may only override methods contained in subambients 
(of course other kind of updates can be expressed similarly) 

A method update is denoted by a update £{x) c> <^{z)P, read “the £ method 
at a gets definition P ” , and is defined as the following process: 

a update £(£c) i><j( 2 )P = UPD[^(a;) t> c( 2 ;)P; in a] 

The ambient to be updated may now be defined as follows: 

$$a^*[\, I ; P \,] \;\triangleq\; a[\, I ;\ !(\mathit{open}\ \mathit{upd}) \mid P \,]$$

Now, if we form the composition $a\ \mathit{update}\ \ell(x) \triangleright \varsigma(z)P' \mid a^*[\, I :: \ell(x) \triangleright \varsigma(z)P \,;\, Q \,]$, 
the reduction for open enforces the expected behavior: 

$$a\ \mathit{update}\ \ell(x) \triangleright \varsigma(z)P' \mid a^*[\, I :: \ell(x) \triangleright \varsigma(z)P \,;\, Q \,] \;\longrightarrow^*\; a^*[\, I :: \ell(x) \triangleright \varsigma(z)P' \,;\, Q \,]$$

Multiple updates for the same method may occur in parallel, in which case their 
relative order is established nondeterministically. The protocol, as defined, relies 
on the assumption that the name upd of the updater carrying the new method 
body is “well known”. A more realistic assumption is that the ambient to be 
updated and the context agree on the name of the updater prior to starting the 
protocol. This can be accomplished with a different definition of the ambient to 
be updated, one that assumes that such ambients come with an ad-hoc method 
that sets the appropriate conditions for the actual update to take place. The upd 
method below serves this purpose. 

$$a^*[\, I ; P \,] \;\triangleq\; a[\, I :: \mathit{upd}(u) \triangleright \varsigma(z)\,\mathit{open}\ u \,;\, P \,]$$

Now the protocol comprises two steps. First the ambient to be updated receives 
the name of the updater, and only then does the update take place: 

$$a\ \mathit{update}\ \ell(x) \triangleright \varsigma(z)P \;\triangleq\; (\nu p)\big(\, a\ \mathit{downsend}\ \mathit{upd}(p).\ p[\, \ell(x) \triangleright \varsigma(z)P \,;\, \mathit{in}\ a \,] \,\big)$$

3.5 Encoding the π-Calculus 

As a final example, we define constructs for synchronous and asynchronous communication 
between processes (all processes, not just ambients) over named 
channels. Similar constructs for channel-based communication are presented in 
[CG98], based on the more primitive form of local and anonymous communication 
defined for the Ambient Calculus. Here, instead, we rely on the ability, 
distinctive of our ambients, to exchange values between methods. We first give 
a construct for synchronous communication. 

A named channel n is represented by an “updatable” ambient $n$, and three 
auxiliary ambients $n^\bullet$, $n^\circ$ and $\tilde{n}$ used for synchronization. The ambient $n$ defines 
a method $\mathit{ch}$: a process willing to read from $n$ installs itself as the body of this 
method, whereas a process willing to write on $n$ invokes $\mathit{ch}$ passing along the 
argument of the communication. 

$$\begin{array}{rcl}
(\mathit{ch}\ n) & \triangleq & n^*[\, \mathit{ch}(x) \triangleright 0 \,] \mid n^\bullet[\,] \\
n!(y).Q & \triangleq & \mathit{open}\ n^\circ.\ n\ \mathit{downsend}\ \mathit{ch}(y).\ \mathit{open}\ \tilde{n}.\,(n^\bullet[\,] \mid Q) \\
n?(x).P & \triangleq & \mathit{open}\ n^\bullet.\,\big(\, n\ \mathit{update}\ \mathit{ch}(x) \triangleright \tilde{n}[\, \mathit{out}\ n.P \,] \;\mid\; n^\circ[\,] \,\big)
\end{array}$$

The steps of the communication protocol are as follows. A process $n?(x).P$ reading 
from n first grabs the input lock $n^\bullet$ provided by the channel, then installs 
itself as the body of the ch method in n, and finally releases the output lock $n^\circ$. 
Now the writing process can start its computation: after acquiring the lock $n^\circ$, it 
sends the message $\mathit{ch}(y)$. The message activates the process $\tilde{n}[\, \mathit{out}\ n.P\{x := y\} \,]$ 
inside n. One further step brings the ambient $\tilde{n}$ outside n, where it is opened by 
the output process: this last step completes the synchronization phase of the 
protocol, and both processes may continue their computation. The output process 
releases a new input lock to reset the channel to its initial condition, and 
the protocol is completed. 

Asynchronous communications are obtained directly from the protocol above, 
by a slight variation of the definition of $n!(y).Q$. We simply need a different way 
of composing Q with the context: 

$$n!(y).Q \;\triangleq\; \big(\mathit{open}\ n^\circ.\ n\ \mathit{downsend}\ \mathit{ch}(y).\ \mathit{open}\ \tilde{n}.\ n^\bullet[\,]\big) \mid Q$$

Based on this technique, we can encode the synchronous (and similarly, the asynchronous) 
polyadic π-calculus in ways similar to what is done in [CG99]. Each 
name n in the π-calculus becomes a quadruple of names in our calculus: the 
name n of the ambient dedicated to the communication, the names $n^\bullet$ and $n^\circ$ of 
the two locks, and the name $\tilde{n}$ of the auxiliary ambient. Therefore, communication 
of a π-calculus name becomes the communication of a quadruple of ambient 
names. 

The initialization of the ch method in the ambient that represents the channel n 
could be safely omitted, without affecting the operational properties of the encoding. 
However, as given, the definition scales smoothly to the case of a typed 
encoding, preserving well-typing. 



4 Types and Type Systems 



The structure of ambient, capability and process types is similar to that of 
companion type systems for Mobile Ambients: their intended meaning, instead, 
is different. 

$$\begin{array}{lrcl}
\text{Signatures} & \Sigma & ::= & (\ell_i(V_i))^{i \in I} \\
\text{Ambients} & A & ::= & \mathit{Amb}[\Sigma] \\
\text{Capabilities} & C & ::= & \mathit{Cap}[\Sigma] \\
\text{Processes} & \mathcal{P} & ::= & \mathit{Proc}[\Sigma] \\
\text{Values} & V & ::= & A \mid C \\
\text{Types} & T & ::= & X \mid A \mid C \mid \mathcal{P}
\end{array}$$



Signatures convey information about the interface of an ambient, by listing the 
ambient’s method names and their input types. The type $\mathit{Amb}[\Sigma]$ is the type of 
ambients with methods declared in $\Sigma$, while the types $\mathit{Cap}[\Sigma]$ and $\mathit{Proc}[\Sigma]$ are 
the types of capabilities and processes, respectively, whose enclosing ambient (if 
any) has a signature containing at least the methods included in $\Sigma$. 

The type $V$ identifies the type of the expressions that may occur as arguments 
for method invocation, and defines them to be ambient names and capabilities. 
The complete syntax of types includes type variables, which are used in the 
typing rules for the typing of method bodies, as we explain shortly. 



4.1 Subtyping and Matching 

To enhance the flexibility of ambient typing and mobility, a subtype relationship 
is introduced over capability and process types, as defined by the two following 
core rules. 

$$\text{(Sub Cap)}\quad \frac{\Sigma \subseteq \Sigma'}{\mathit{Cap}[\Sigma] \le \mathit{Cap}[\Sigma']}
\qquad\qquad
\text{(Sub Proc)}\quad \frac{\Sigma \subseteq \Sigma'}{\mathit{Proc}[\Sigma] \le \mathit{Proc}[\Sigma']}$$



Informally, the rules state that a capability (resp. process) type $\mathit{Cap}[\Sigma]$ (resp. 
$\mathit{Proc}[\Sigma]$) is a subtype of any capability (resp. process) type whose associated 
signature (set theoretically) contains $\Sigma$. The resulting relation of subtyping is 
reminiscent of the relation of subtyping in width distinctive of type systems for 
object calculi. Width subtyping is restricted to capability and process types, and 
does not extend to ambient types, as the extension would break type soundness in 
the presence of ambient opening. The reason is explained, intuitively, as follows: 
when opening an ambient, one needs exact knowledge of the contents of that 
ambient — specifically, of what exactly the set of its methods and their types is — 
so as to ensure that the possible method overrides resulting from the opening are 
traced in the types. 

As a result of capability and process subtyping, it is nevertheless possible, 
from within an ambient with interface $\Sigma$, to open any enclosed ambient with interface 
$\Sigma' \subseteq \Sigma$, where the inclusion may be strict. To account for this flexibility, 
we introduce a relation of matching [Bru94] over ambient types to complement 
the subtype relation over capability and process types. The relation of matching 
is defined by the following rule: 

$$\text{(Match Amb)}\quad \frac{\Gamma \vdash \diamond \qquad \Sigma' \subseteq \Sigma}{\Gamma \vdash \mathit{Amb}[\Sigma] <\!\# \mathit{Amb}[\Sigma']}$$
The complete definition of subtyping and matching includes standard rules for 
reflexivity and transitivity (not shown). Also, as customary, the subtyping relation 
is embedded in the type system via a subsumption rule, while matching is 
not. 

A further remark is in order to explain the role of type variables in the 
syntax of types. As we noted, due to the presence of ambient opening, a method 
residing in an ambient, say a, may be re-installed inside any ambient, say b, that 
opens a; furthermore, the (sub)typing rules provide guarantees that b has “more 
methods” than a. Now, in order for the original typing of the methods residing 
in a to be sound after the methods have been re-installed in b, one must ensure 
that the bodies of these methods be type-checked under appropriate assumptions 
for the type of self: specifically, this type should be so defined as to represent 
the type of all ambients where the methods may eventually be re-installed, via 
opening. This is accomplished in the type system by typing method bodies in 
type environments that assume the so-called MyType [Bru94] typing for the self 
variable, i.e. a match-bounded type variable $X <\!\# A$, where $A$ is the type of the 
ambient where the methods are initially installed. 

Our relation of matching, and the technique of MyType typing of methods we 
just outlined, are simplified versions of the corresponding relation and technique 
originally introduced in [Bru94]. The simplifications result from the syntax of 
types, and specifically from our ambient types being simple, i.e. not containing 
occurrences of type variables (neither free, nor bound). As a consequence, the 
type system does not support MyType method specialization [Bru94, FHM94], 
the OO-typing technique that allows method types to be specialized when methods 
are inherited (or, in our context, when they are subsumed in an opening ambient). 
Instead, in our calculus a method body always has the same type (the one 
declared in $\Sigma$), independently of the dynamic binding of its self variable. This is 
not surprising, as our method bodies are processes with no return value, hence 
they are dealt with essentially as methods with return type unit in imperative 
object calculi. 

4.2 Judgements and Typing Rules 

The typed syntax of the calculus is described by the productions below: 

$$\begin{array}{lrcl}
\text{Interfaces} & I & ::= & \ell(x) \triangleright \varsigma(z)P \;\mid\; I :: I \;\mid\; \varepsilon \\
\text{Processes} & P & ::= & 0 \;\mid\; P \mid P \;\mid\; a[\, I ; P \,] \;\mid\; (\nu x{:}A)P \;\mid\; M.P \\
\text{Expressions} & M & ::= & x \;\mid\; (M_1, \ldots, M_n) \;\mid\; x\ \mathit{send}\ \ell(M) \;\mid\; \mathit{in}\ x \;\mid\; \mathit{out}\ x \;\mid\; \mathit{open}\ x \;\mid\; \varepsilon
\end{array}$$

The only type annotations in the syntax are those introduced by the restriction 
operator: the types for all the other variables are directly inferred from the 
existing annotations. Also note that we take method names to be fixed labels 
that may not be passed as values, nor restricted. The first restriction is justified 
by the fact that method names are part of the structure of ambient (capability 
and process) types; as a consequence, lifting this restriction would be possible 
but it would make our types (first-order) dependent types. Instead, lifting the 
second restriction is possible, and in fact not difficult, even though it complicates 
the format of the typing rules. For this reason we will disregard this issue in what 
follows. 

Type environments are lists of term and type variable declarations, as defined 
by the following productions: $\Gamma ::= \emptyset \mid \Gamma, x{:}W \mid \Gamma, X <\!\# A$. The typing 
rules derive the following judgement forms, where we let $W$ range over the set 
$\{X, A, C\}$ of extended value types: 

$$\begin{array}{ll}
\Gamma \vdash \diamond & \text{well-formed type environment} \\
\Gamma \vdash T & \text{well-formed type} \\
\Gamma \vdash M : W & M \text{ has type } W \\
\Gamma \vdash X <\!\# A & X \text{ matches } A \\
\Gamma \vdash P : \mathcal{P} & P \text{ has type } \mathcal{P}
\end{array}$$

The complete set of typing rules is presented in Appendix A; the most interesting 
ones are discussed below. We start with the rule for typing ambient opening. 

$$\text{(open)}\quad \frac{\Gamma \vdash a : \mathit{Amb}[\Sigma]}{\Gamma \vdash \mathit{open}\ a : \mathit{Cap}[\Sigma]}$$
As we noted earlier, opening an ambient requires precise knowledge of the type 
of the ambient being opened: this is expressed in the rule by the fact that the type 
of the ambient a is an ambient type, not a type variable. Opening a is now legal 
under the condition that the signature of the opening ambient be equal to (in 
fact, contain, given the presence of subtyping) the signature of the ambient being 
opened. This condition is necessary for type soundness, as it guarantees that an 
ambient may only update existing methods of the opening ambient, preserving 
their original types. 

$$\text{(Message)}\quad \frac{\Gamma \vdash a : W \qquad \Gamma \vdash W <\!\# \mathit{Amb}[\,\ell(V')\,] \qquad \Gamma \vdash M' : V'}{\Gamma \vdash a\ \mathit{send}\ \ell(M') : \mathit{Cap}[\Sigma]}$$

The rule (Message) states that invoking method $\ell$ on an ambient $a$ requires the 
type of $a$ to match an ambient type containing the method $\ell$. Note that the type 
of $a$ may either be an ambient type matching (i.e. “longer” than) $\mathit{Amb}[\ell(V')]$, 
or else an unknown type (i.e. a type variable) occurring match-bounded in the 
context $\Gamma$. Since the body of the invoked method is activated on the receiver 
(rather than on the sender), no constraint is required on the type of the send 
capability. Of course, in order for the expression to type check, the message 
argument and the method parameters must have the same type†. 

$$\text{(Amb)}\quad \big(\Sigma = (\ell_i(V_i))^{i \in I}\big)\qquad
\frac{\Gamma \vdash a : \mathit{Amb}[\Sigma] \qquad \Gamma,\ Z <\!\# \mathit{Amb}[\Sigma],\ z{:}Z,\ x_i{:}V_i \vdash P_i : \mathit{Proc}[\Sigma] \qquad \Gamma \vdash P : \mathit{Proc}[\Sigma]}{\Gamma \vdash a[\, (\ell_i(x_i) \triangleright \varsigma(z)P_i)^{i \in I} \,;\, P \,] : \mathit{Proc}[\Sigma']}$$

The rule (Amb) for typing ambients is similar to the typing rule for objects 
in the calculus of extensible objects of [BB99]. Each method of the ambient is 
type-checked under the assumptions that (i) the self parameter has a type that 
matches the type of the enclosing ambient, (ii) method parameters have the 
declared type, and (iii) the type of each method body is consistent with the 
type of the enclosing ambient. As we noted earlier, the use of the match-bound 
type variable Z as the type of self ensures that methods local to ambient a are 
well-typed also within any other ambient that might eventually open a. On the 
other hand, the typing rule does not support MyType method specialization, as 
the types of method bodies are independent of the type of self. 

Also note that the rule requires exact knowledge of the type of the ambient a: 
a structural rule allowing the name of the ambient to be typed with a match- 
bounded type variable would break type soundness, since we would not have 
a precise control of the openings of that ambient (see rule (open)). Finally, no 
constraint is imposed on the signature A', associated with the process type in 
the conclusion of the rule, as that signature is (a subset of) the signature of the 
ambient enclosing a (if any). 

† In fact, since capability types can be subtyped, the type of the arguments can be 
subtypes of the type of the formal parameters. 
4.3 Subject Reduction and Type Soundness 

We conclude the description of the basic type system with a result of subject 
reduction. The proof is rather standard, and only sketched due to lack of space. 

Lemma 1 (Substitution). 

1. If $\Gamma, x{:}W \vdash P : \mathcal{P}$ and $\Gamma \vdash M : W$, then $\Gamma \vdash P\{x := M\} : \mathcal{P}$. 

2. If $\Gamma, Z <\!\# A, z{:}Z \vdash P : \mathcal{P}$ and $\Gamma \vdash a : A'$, $\Gamma \vdash A' <\!\# A$, 
then $\Gamma \vdash P\{z := a\} : \mathcal{P}$. 

Proof. By induction on the derivation of the first judgment in the hypothesis. 

Lemma 2 (Subject Congruence). 

1. If $\Gamma \vdash P : \mathit{Proc}[\Sigma]$ and $P \equiv Q$ then $\Gamma \vdash Q : \mathit{Proc}[\Sigma]$. 

2. If $\Gamma \vdash P : \mathit{Proc}[\Sigma]$ and $Q \equiv P$ then $\Gamma \vdash Q : \mathit{Proc}[\Sigma]$. 

Proof. By simultaneous induction on the derivations of $P \equiv Q$ and $Q \equiv P$. 

Lemma 3 (Bounded Weakening). 

1. If $\Gamma, x{:}W \vdash P : \mathcal{P}$ and $\Gamma \vdash W' \le W$ then $\Gamma, x{:}W' \vdash P : \mathcal{P}$. 

2. If $\Gamma, Z <\!\# A, z{:}Z \vdash P : \mathcal{P}$ and $\Gamma \vdash A' <\!\# A$ then $\Gamma, Z <\!\# A', z{:}Z \vdash P : \mathcal{P}$. 

Proof. By induction on the derivation of the first judgment in the hypothesis. 

Theorem 1 (Subject Reduction). 

If $\Gamma \vdash P : \mathit{Proc}[\Sigma]$ and $P \longrightarrow Q$ then $\Gamma \vdash Q : \mathit{Proc}[\Sigma]$. 

Proof. By induction on the derivation of $P \longrightarrow Q$, and a case analysis on the last 
applied rule. 

Besides being interesting as a meta-theoretical property of the type system, 
subject reduction may be used to derive a type safety theorem ensuring the 
absence of run-time (type) errors for well- typed programs. The errors we wish 
to statically detect are those of the kind “message not understood” distinctive 
of object calculi. With the current definition of the reduction relation such er- 
rors may not arise, as not-understood messages simply block: this is somewhat 
unrealistic, however, as the result of sending a message to an object (a server) 
which does not contain a corresponding method should be (and indeed is, in real 
systems) reported as an error. 

To state and formalize type safety, we instrument the reduction relation with 
an additional error reduction, stated as follows: 

$$a[\, I ;\ P \mid b\ \mathit{send}\ \ell(M).Q \,] \mid b[\, J ; R \,] \;\longrightarrow\; a[\, I ;\ P \mid \mathit{ERR} \,] \mid b[\, J ; R \,] \qquad (\ell \notin J)$$

where ERR is a distinguished process, with no type. The intuitive reading of the 
reduction is that a not-understood message causes a local error — for the sender 
of that message — rather than a global error for the entire system. The rule 
above is meaningful also in the presence of multiple ambients with equal name, 
as our type system (like those of [CG99, CGG99, LS00]) ensures that ambients 
with the same name have also the same type. 

It is easy to verify that no system containing an occurrence of ERR can be 
typed in our type system. Type safety, i.e. absence of run-time errors, may now 
be stated as follows: 

Theorem 2 (Soundness). Let P be a well-typed MA++ process. Then there 
exists no context $C[-]$ such that $P \longrightarrow^* C[\mathit{ERR}]$. 
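As an added example (not code from the paper), the following Python checker models the subtyping, matching, (open) and (Message) rules of this section over signatures, together with the run-time override-on-open and the error reduction just given; it also includes a hypothetical width-subtyped variant of (open), which the paper only argues against, to show the type violation that rule would let through. The tuple encoding of types, the interface dictionaries, and the scenario ambients a, b and the self variable Z are assumptions of this example.

```python
# Added example (not from the paper): signature-based types of Section 4.
# A signature Σ is a frozenset of (method name, parameter type) pairs; Amb[Σ],
# Cap[Σ] and Proc[Σ] are the tuples ('Amb', Σ), ('Cap', Σ), ('Proc', Σ); a
# match-bounded type variable X is ('Var', 'X'), its bound A being kept in the
# environment. All names and the scenario ambients are constructed here.
from typing import Dict, FrozenSet, Optional, Tuple

Type = Tuple
Sig = FrozenSet[Tuple[str, Type]]
Env = Dict[str, Type]        # term variables x : W and type variables X <# A
EMPTY: Sig = frozenset()


def sig(**methods: Type) -> Sig:
    """Signature (l_i(V_i))_i from method-name keyword arguments."""
    return frozenset(methods.items())


def amb(s: Sig) -> Type:
    return ('Amb', s)


def cap(s: Sig) -> Type:
    return ('Cap', s)


def subtype(t: Type, u: Type) -> bool:
    """(Sub Cap)/(Sub Proc): width subtyping, Σ ⊆ Σ'; ambient types only by
    reflexivity, exactly as the paper restricts them."""
    return t == u or (t[0] == u[0] and t[0] in ('Cap', 'Proc') and t[1] <= u[1])


def matches(env: Env, t: Type, u: Type) -> bool:
    """t <# u: (Match Amb) holds when u's signature is included in t's; by
    (Match X) a type variable matches whatever its declared bound matches."""
    if t[0] == 'Var':
        return matches(env, env[t[1]], u)
    return t[0] == 'Amb' and u[0] == 'Amb' and u[1] <= t[1]


def type_open(env: Env, a: str, enclosing: Sig) -> Optional[Type]:
    """(open) plus subsumption: a must have an ambient type Amb[Σ_a] (a type
    variable is rejected) and open a : Cap[Σ_a] may run inside an ambient of
    signature Σ only if Cap[Σ_a] ≤ Cap[Σ], i.e. Σ_a ⊆ Σ. None means ill-typed."""
    ta = env[a]
    if ta[0] != 'Amb' or not subtype(cap(ta[1]), cap(enclosing)):
        return None
    return cap(ta[1])


def type_open_width(env: Env, a: str, enclosing: Sig) -> Optional[Type]:
    """Hypothetical variant, NOT the paper's rule: if ambient types were also
    width-subtyped, a : Amb[Σ_a] could be viewed as Amb[Σ_a ∩ Σ] and opened."""
    ta = env[a]
    return cap(ta[1] & enclosing) if ta[0] == 'Amb' else None


def type_send(env: Env, a: str, label: str, arg: Type) -> Optional[Type]:
    """(Message): the type of a (possibly a match-bounded variable) must match
    Amb[l(V')] and the argument must be a subtype of V'; any Cap[Σ] can be
    concluded, the least one, Cap[∅], is returned."""
    bound = env[a]
    while bound[0] == 'Var':
        bound = env[bound[1]]
    methods = bound[1] if bound[0] == 'Amb' else ()
    for name, param in methods:
        if name == label and subtype(arg, param):
            return cap(EMPTY)
    return None


# Run-time side: an ambient's interface as a map from method names to the
# parameter types of the bodies currently installed.
ERR = 'ERR'


def open_merge(opener: Dict[str, Type], opened: Dict[str, Type]) -> Dict[str, Type]:
    """Opening re-installs the opened ambient's methods in the opener,
    overriding any method of the same name (the effect (open) must track)."""
    return {**opener, **opened}


def deliver(iface: Dict[str, Type], label: str, arg: Type) -> str:
    """Outcome of `send l(M)` reaching this interface: the error reduction of
    Section 4.3 yields ERR for a not-understood message; an argument of the
    wrong type for the installed body is reported as a type violation."""
    if label not in iface:
        return ERR
    return 'ok' if subtype(arg, iface[label]) else 'TYPE-VIOLATION'


# Constructed scenario: a declares l(x : Amb[∅]); b declares l(x : Cap[∅]) and
# m(y : Amb[∅]); Z is the match-bounded type of self inside a.
SIG_A = sig(l=amb(EMPTY))
SIG_B = sig(l=cap(EMPTY), m=amb(EMPTY))
ENV: Env = {'a': amb(SIG_A), 'b': amb(SIG_B), 'Z': amb(SIG_A), 'z': ('Var', 'Z')}


def scenario() -> Dict[str, object]:
    """The paper's (open) rejects `open b` inside a; the width variant accepts
    it, after which a message well typed against a's signature misfires."""
    merged = open_merge(dict(SIG_A), dict(SIG_B))
    return {
        'open_b_sound': type_open(ENV, 'b', SIG_A),           # None: rejected
        'open_b_width': type_open_width(ENV, 'b', SIG_A),     # Cap[∅]: accepted
        'static_send': type_send(ENV, 'a', 'l', amb(EMPTY)),  # Cap[∅]: well typed
        'after_open': deliver(merged, 'l', amb(EMPTY)),       # 'TYPE-VIOLATION'
        'self_send': type_send(ENV, 'z', 'l', amb(EMPTY)),    # via Z <# Amb[Σ_a]
        'unknown_m': deliver(dict(SIG_A), 'm', amb(EMPTY)),   # 'ERR'
    }
```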

5 Related Work 

In the literature on concurrent object-oriented programming, papers can be classified 
in two basic categories. The first category includes papers that provide 
semantics to objects by encoding them into process calculi. Examples of systematic 
translations of objects into the π-calculus can be found, for instance, 
in [Wal95, HK96, San98, KS98]. 

Papers in the second category propose formal calculi where primitive constructs 
for objects and for concurrent processes coexist. Within this class, one 
can further distinguish two complementary approaches. In the first, high-level 
object-oriented constructs are defined on top of name-passing process calculi 
[Vas94, PT95, FMLR00]. In the second, primitives for concurrency are built on 
top of imperative object calculi, in ways related to those we have discussed in 
this paper. Below we present a detailed discussion on the papers closest to ours. 

Gordon and Hankin’s concς-calculus [GH98]. The concς-calculus is a concurrent 
object calculus that results from Abadi and Cardelli’s imperative object calculus 
by the addition of primitive constructs for parallel composition, restriction and 
synchronization via mutexes. Type systems for the calculus may be defined by 
sound extensions of existing type systems for the underlying object calculus to 
accommodate concurrency. 

There are several similarities between concς and our calculus. In particular, 
the semantics of method invocation, based on self-substitution, was directly inspired 
by [GH98]. As in our semantics, in [GH98] objects are explicitly named, 
and what gets substituted for the self variable is the name of the object rather 
than the object itself. 

The fundamental difference between the work of [GH98] and ours is that 
concς does not address process mobility. In [GH98] distribution is completely 
disregarded, while in our framework objects may move through a hierarchy of 
nested locations, and communication (method invocation) often requires mobility. 
Moreover, due to the interplay between the dynamic nesting of ambients and 
the communication primitives, more method invocation styles can be modeled 
in our framework. A further difference is that the syntax of concς includes sequential 
composition of expressions that return results. This contrasts with the 
standard practice in process-based calculi [Vas94, PT95, Wal95, KS98], where 
the operation of returning a result is translated into sending a message on a result 
channel. Even though we did not explicitly address the problem of returning 
a result, it is easy to extend our framework by endowing agent interfaces not 
only with methods, but also with fields whose invocation returns an expression. 

A distributed version of concς is studied in [Jef00], where the syntax of the 
calculus is enriched with a notion of location, and threads are allowed to migrate 
across locations. A basic difference with our approach is that in [Jef00] the author 
assumes a flat topology of locations, in which no explicit routing is required for 
mobility, and locations may not be created dynamically. Furthermore, in [Jef00] 
only a subset of objects (serializable objects) can be sent across the network, 
and only the so-called located objects can be accessed via remote threads. 

The Oj­eblik calculus [NHKM99]. Ojeblik is a concurrent object-based language 
built on top of Obliq [Car95], Cardelli’s lexically scoped distributed programming 
language. In Ojeblik (and Obliq) object mobility is rendered by means of 
a migration mechanism that is accomplished by creating a copy of the object 
at the target site and then modifying the original (local) object such that it 
forwards future requests to the new (remote) object. The lexical scope rules of 
Obliq allow the aspects of distribution to be safely disregarded: object migration 
is then correct if the behavior of an object is transparent to whether the object 
has migrated or not. 

Our approach is very different. As in Mobile Ambients, we assume that 
the process a[I; P] is an abstraction for both an agent (client) and an object 
(server). This implies that in our framework mobile objects move without 
the burden of future obligations at the source location. A client agent willing to 
invoke a method of a server object, in turn, must approach the server in order to 
start the communication protocol. In addition, the work on Ojeblik does 
not address typing issues, which we do for our calculus. 

6 Current and Future Work 

We have defined a core calculus for distributed and mobile objects on top of 
which several extensions can be defined. We conclude our presentation with 
a discussion on some of these extensions. 

Co-capabilities à la Safe Ambients. In [LS00], Levi and Sangiorgi define a variant 
of Mobile Ambients in which the reduction relation requires actions (i.e. capabilities) 
to synchronize with corresponding co-actions. To exemplify, consider the 
ambients $a[\mathit{in}\ b.P] \mid b[Q]$. In Mobile Ambients, the move of a into b is “one 
sided” as b simply undergoes the action. In Safe Ambients, instead, the move 
requires mutual agreement between a and b: in order for the move to take place, 
Q inside b must offer the co-capability $\mathit{coin}\ b$ to signal that it is willing to be 
entered. Based on this synchronization mechanism, Levi and Sangiorgi discuss 
a suite of type systems on top of which they develop a rich algebraic theory 
for their Safe Ambients. 

Co-capabilities can be included in our calculus with no fundamental difficulty. 
In particular, one can include a co-capability listen a, the dual of the capability 
a send, whose meaning is that the ambient a is ready to serve an invocation 
to one of its methods. For reasons of space, we do not describe the extension 
in detail. Nevertheless, it is instructive to point out one of the effects of the 
extension, showing how it allows us to derive a simple compositional encoding 
of the π-calculus. 

$$\begin{array}{rcl}
\langle n?(x).P \rangle & \triangleq & (\nu p)\big(\, n[\, \mathit{ch}(x) \triangleright p[\, \mathit{out}\ n.\ \mathit{coopen}\ p.\ \langle P \rangle \,] \,;\, \mathit{listen}\ n.\ \mathit{coout}\ n \,] \;\mid\; \mathit{open}\ p \,\big) \\
\langle n!(x) \rangle & \triangleq & n\ \mathit{downsend}\ \mathit{ch}(x) \\
\langle (\nu x)P \rangle & \triangleq & (\nu x)\langle P \rangle \\
\langle P \mid Q \rangle & \triangleq & \langle P \rangle \mid \langle Q \rangle \\
\langle\, !P \,\rangle & \triangleq & !\langle P \rangle \\
\langle 0 \rangle & \triangleq & 0 \\
\langle n \rangle & \triangleq & n
\end{array}$$

Every input on a channel n generates a new ambient named n, waiting to synchronize 
with an output on n. Having received input, the transport ambient p 
carries (the encoding of) P out of n. Once outside n, p is dissolved and the 
continuation process P unleashed. Notice that the ambient n is left without capabilities 
after having let the transport p out. As such, after synchronization, n 
is unavailable for interactions with the context, and thus behaviorally equivalent 
to the null process (which can be garbage collected). Also, the encoding can be 
shown to be interference-free, as the use of co-capabilities allows the definition 
of an interference-free encoding of the output construct of the π-calculus, based on 
downward method invocation. 



Other Extensions. Further extensions to the core calculus include the addition 
of fields and refinements of the type system. 

In object calculi, fields are often represented as parameter-less methods that 
do not depend on self. This direct representation is not possible in our calculus, 
as invoking a method spawns a process rather than returning a value, as one 
would expect from selecting a field. Nevertheless, it is not difficult to explicitly 
include new syntax for fields, and extend the reduction relation so that selecting 
a field returns a term rather than triggering a process. 

A different extension is to allow method names to be treated as ordinary 
names. This would allow one to restrict them, thus obtaining private methods, 
and to communicate them, thus obtaining dynamic messages. This is a straight- 
forward modification in the untyped calculus but it is quite problematic in the 
typed case since the possibility of communicating method names would naturally 
give rise to dependent types. 

These extensions, together with the study of type-driven security in the cal- 
culus are subject of our current and future work. 
A Typing Rules 

Context formation 

$$\text{(Env-empty)}\quad \frac{}{\emptyset \vdash \diamond}
\qquad
\text{(Env-x)}\quad \frac{\Gamma \vdash W \qquad x \notin \mathit{Dom}(\Gamma)}{\Gamma, x{:}W \vdash \diamond}
\qquad
\text{(Env-X)}\quad \frac{\Gamma \vdash \diamond \qquad X \notin \mathit{Dom}(\Gamma)}{\Gamma, X <\!\# A \vdash \diamond}$$

Type formation 

$$\text{(Type X)}\quad \frac{\Gamma, X <\!\# A, \Gamma' \vdash \diamond}{\Gamma, X <\!\# A, \Gamma' \vdash X}
\qquad
\text{(Type Amb)}\quad \frac{\Gamma \vdash \diamond}{\Gamma \vdash \mathit{Amb}[\Sigma]}
\qquad
\text{(Type Cap)}\quad \frac{\Gamma \vdash \diamond}{\Gamma \vdash \mathit{Cap}[\Sigma]}
\qquad
\text{(Type Proc)}\quad \frac{\Gamma \vdash \diamond}{\Gamma \vdash \mathit{Proc}[\Sigma]}$$

Matching: reflexivity, transitivity and the following 

$$\text{(Match X)}\quad \frac{\Gamma, X <\!\# A, \Gamma' \vdash \diamond}{\Gamma, X <\!\# A, \Gamma' \vdash X <\!\# A}
\qquad
\text{(Match Amb)}\quad \frac{\Gamma \vdash \diamond}{\Gamma \vdash \mathit{Amb}[(\ell_i(V_i))^{i \in 1..n+k}] <\!\# \mathit{Amb}[(\ell_i(V_i))^{i \in 1..n}]}$$

Subtyping and subsumption: reflexivity, transitivity and the following 

$$\text{(Sub Cap)}\quad \frac{\Sigma \subseteq \Sigma'}{\mathit{Cap}[\Sigma] \le \mathit{Cap}[\Sigma']}
\qquad
\text{(Sub Proc)}\quad \frac{\Sigma \subseteq \Sigma'}{\mathit{Proc}[\Sigma] \le \mathit{Proc}[\Sigma']}
\qquad
\text{(Subsumption)}\quad \frac{\Gamma \vdash M : T \qquad T \le T'}{\Gamma \vdash M : T'}$$

Expressions 

$$\text{(name/var)}\quad \frac{\Gamma \vdash \diamond}{\Gamma \vdash x : \Gamma(x)}
\qquad
(\varepsilon)\quad \frac{\Gamma \vdash \diamond}{\Gamma \vdash \varepsilon : \mathit{Cap}[\Sigma]}
\qquad
\text{(path)}\quad \frac{\Gamma \vdash M_1 : \mathit{Cap}[\Sigma] \qquad \Gamma \vdash M_2 : \mathit{Cap}[\Sigma]}{\Gamma \vdash M_1.M_2 : \mathit{Cap}[\Sigma]}$$

$$\text{(open)}\quad \frac{\Gamma \vdash a : \mathit{Amb}[\Sigma]}{\Gamma \vdash \mathit{open}\ a : \mathit{Cap}[\Sigma]}
\qquad
\text{(in/out)}\quad \frac{\Gamma \vdash M : W \qquad \Gamma \vdash W <\!\# \mathit{Amb}[\Sigma] \qquad (M' \in \{\mathit{in}\ M, \mathit{out}\ M\})}{\Gamma \vdash M' : \mathit{Cap}[\Sigma']}$$

$$\text{(Message)}\quad \frac{\Gamma \vdash a : W \qquad \Gamma \vdash W <\!\# \mathit{Amb}[\,\ell(V')\,] \qquad \Gamma \vdash M' : V'}{\Gamma \vdash a\ \mathit{send}\ \ell(M') : \mathit{Cap}[\Sigma]}$$

Processes 

$$\text{(prefix)}\quad \frac{\Gamma \vdash M : \mathit{Cap}[\Sigma] \qquad \Gamma \vdash P : \mathit{Proc}[\Sigma]}{\Gamma \vdash M.P : \mathit{Proc}[\Sigma]}
\qquad
\text{(par)}\quad \frac{\Gamma \vdash P : \mathit{Proc}[\Sigma] \qquad \Gamma \vdash Q : \mathit{Proc}[\Sigma]}{\Gamma \vdash P \mid Q : \mathit{Proc}[\Sigma]}$$

$$\text{(restr)}\quad \frac{\Gamma, x{:}A \vdash P : \mathit{Proc}[\Sigma]}{\Gamma \vdash (\nu x{:}A)P : \mathit{Proc}[\Sigma]}
\qquad
\text{(dead)}\quad \frac{\Gamma \vdash \diamond}{\Gamma \vdash 0 : \mathit{Proc}[\Sigma]}$$

$$\text{(Amb)}\quad \big(\Sigma = (\ell_i(V_i))^{i \in I}\big)\qquad
\frac{\Gamma \vdash a : \mathit{Amb}[\Sigma] \qquad \Gamma,\ Z <\!\# \mathit{Amb}[\Sigma],\ z{:}Z,\ x_i{:}V_i \vdash P_i : \mathit{Proc}[\Sigma] \qquad \Gamma \vdash P : \mathit{Proc}[\Sigma]}{\Gamma \vdash a[\, (\ell_i(x_i) \triangleright \varsigma(z)P_i)^{i \in I} \,;\, P \,] : \mathit{Proc}[\Sigma']}$$
Abstract. The π-calculus, its asynchronous version and Boudol’s mapping 
from the former language to the latter one are well-known mathematical 
objects in theoretical computer science. It is also well-known 
that the mapping is not fully-abstract w.r.t. most of the semantics defined 
over these two languages. 

In this paper we study and fix conditions on the existence of fully-abstract 
results for Boudol’s mapping (and its variants). The testing 
theories à la De Nicola-Hennessy turned out to be very useful tools for 
such a purpose. 



1 Introduction 

Concurrent and distributed systems use communication as a means to exchange 
information. Communication can be of two kinds: synchronous and asynchronous. 
A communication is synchronous when sending and receiving information be- 
tween a sender and a receiver are simultaneous events. A communication is 
asynchronous when sending and receiving information between a sender and 
a receiver do not necessarily happen at the same time instant. 

The π-calculus [MPW92] implements a synchronous communication while 
the asynchronous π-calculus [Bou92] implements an asynchronous one. Since 
the latter language is essentially a subset of the former one, the natural question 
is whether or not the π-calculus can be somehow encoded into its asynchronous 
subset. This would mean that the synchronous communication can 
be “implemented” via asynchronous communication. Boudol’s mapping [Bou92] 
goes in such a direction. It views the synchronous communication as a sequence 
of asynchronous communications (a possible “simulation” of the synchronous 
communication). 

If we denote with $\mathcal{P}_s$ the π-calculus, with $\mathcal{P}_a$ the asynchronous π-calculus, 
with $[\![\,\_\,]\!]$ Boudol’s mapping and with $\mathcal{R}$ a generic equivalence generated by 
a semantic theory, then it is well-known that $[\![\,\_\,]\!]$ (typically) does not preserve 
$\mathcal{R}$; i.e., the following statement 

$$\forall P, Q \in \mathcal{P}_s,\quad P\ \mathcal{R}\ Q \ \text{ if and only if }\ [\![P]\!]\ \mathcal{R}\ [\![Q]\!] \qquad (1)$$

does not hold (even for “non-severe” equivalences such as language equivalence). 
Evidence of this fact can be found in [Bou92], where the author proves 
only the adequacy of the mapping (the “if” implication) with respect to the Morris 
preorder. The other implication does not hold. 

A. Restivo, S. Ronchi Della Rocca, L. Roversi (Eds.): ICTCS 2001, LNCS 2202, pp. 256—268, 2001. 
© Springer-Verlag Berlin Heidelberg 2001 

On Synchronous and Asynchronous Communication Paradigms 257 

This paper is still concerned with Boudol’s mapping from the π-calculus to 
the asynchronous π-calculus. We study and fix conditions on the considered 
languages and mapping in such a way that the statement (1) holds in both 
directions. In such a case we will say that $[\![\,\_\,]\!]$ preserves $\mathcal{R}$ or $[\![\,\_\,]\!]$ is fully-abstract 
with respect to $\mathcal{R}$. 

The testing semantics à la De Nicola-Hennessy [DH84] are particularly suitable 
to the present study. Of course, as stated, there are counterexamples for 
the above statement whichever testing semantics is taken into account. Before 
going into the details, we briefly recall the main assumptions behind the testing 
scenario. It relies on (i) a set $\mathcal{P}$ of processes to be tested (here we concentrate on 
the π-calculus and the asynchronous π-calculus), (ii) a set $\mathcal{O}$ of tests or observers 
(these are processes that can perform a particular action $\omega$ reporting success), 
(iii) a way to exercise a process on a given test (obtained by letting the process 
and the observer run in parallel and by looking at the computations which 
this embedded process can perform; these computations can be successful or 
failing, depending on whether or not they allow the execution of action $\omega$) and 
(iv) a general criterion for interpreting the results of these exercises. Different 
criteria have been defined which provide $\mathcal{P}$ processes with different semantics. 
For a given process P and observer o, 

- P may o if there exists a successful computation between P and o; 

- P must o if every computation between P and o is successful; 

- P fair o (proposed in [BRV95, NC95]) if each state of every computation 
between P and o leads to success after finitely many interactions. 

Each criterion above allows the natural definition of a corresponding preorder 
over $\mathcal{P}$. For any P and Q, $\mathcal{P}$ processes: 

- $P \sqsubseteq_{may} Q$ if and only if for each $o \in \mathcal{O}$, P may o implies Q may o; 

- $P \sqsubseteq_{must} Q$ if and only if for each $o \in \mathcal{O}$, P must o implies Q must o; 

- $P \sqsubseteq_{fair} Q$ if and only if for each $o \in \mathcal{O}$, P fair o implies Q fair o. 

As already said, according to these testing theories, counterexamples can be 
found for the statement in (1). They are reported in full detail in Section 5. 

We now show (first) how the testing theories can be refined in order to get 
a fully-abstract result (then we have to operate also at the language level). The 
key idea is given by the following statement: 

$$P \text{ satisfies } o \quad\text{iff}\quad [\![P]\!] \text{ satisfies } [\![o]\!] \qquad (2)$$

where satisfies can be either may, must or fair. This means that a process P 
can reach a successful state, when exercised on a test o, if and only if $[\![P]\!]$ can 
reach a successful state, when exercised on a test $[\![o]\!]$. 

Though this idea can appear quite intuitive, we show that it is not trivial at 
all. Indeed, this statement holds for the may testing relation and for the fair one, 
while it does not scale to must testing. This is due to the presence of possibly 
divergent computations in the source programs and to the fact that an (atomic) 
synchronous communication between a sender and a receiver is implemented 
as a non-atomic sequence of asynchronous communications. More in detail, the 
execution of this sequence may lead the system to states in which a sender process 
can proceed with its execution while the corresponding receiver partner is still involved 
in simulating the synchronous communication. A pathological situation is when 
the receiver has the ability to perform the success action, after the completion of 
the simulation, while the sender can engage in a divergent computation. In such 
a case, however, the receiver always has the potential to perform the success 
action after finitely many interactions. This is mainly the reason why (2) holds 
for the fair relation. 

(2) suggests that we consider parameterized versions of the testing theories with 
respect to sets of observers. Formally, for a given set of observers $O \subseteq \mathcal{O}$, 

- $P \sqsubseteq^{O}_{may} Q$ if and only if for each $o \in O$, $P$ may $o$ implies $Q$ may $o$; 

- $P \sqsubseteq^{O}_{must} Q$ if and only if for each $o \in O$, $P$ must $o$ implies $Q$ must $o$; 

- $P \sqsubseteq^{O}_{fair} Q$ if and only if for each $o \in O$, $P$ fair $o$ implies $Q$ fair $o$. 



Of course any parameterized preorder coincides with the original one when $O$ 
coincides with $\mathcal{O}$ itself. According to these new testing preorders and the obser- 
vations above, we have the following results: 

- $P \sqsubseteq^{O}_{may} Q$ iff $\llbracket P\rrbracket \sqsubseteq^{\llbracket O\rrbracket}_{may} \llbracket Q\rrbracket$; 

- $P \sqsubseteq^{O}_{fair} Q$ iff $\llbracket P\rrbracket \sqsubseteq^{\llbracket O\rrbracket}_{fair} \llbracket Q\rrbracket$; 

- $P \sqsubseteq^{O}_{must} Q$ iff $\llbracket P\rrbracket \sqsubseteq^{\llbracket O\rrbracket}_{must} \llbracket Q\rrbracket$ (does not hold). 

Apart from this problem with must testing, our study gives some insight into 
the reasons why the statement in (1) cannot hold for the original versions of 
the testing preorders. The set of processes in the asynchronous π-calculus which 
are mappings of some process in the π-calculus, indeed, is a strict subset of the 
whole language. Thus testing a process $\llbracket P\rrbracket$ with respect to a test which is not 
the coding of any process in the π-calculus means testing $\llbracket P\rrbracket$ over a set of tests 
which is “more powerful” than that available for testing $P$. 

In order to have a fully-abstract result for the must case, we restrict the 
source language by considering only those terms which are divergent-free; that 
is, those terms that can perform only finite internal computations. 

The rest of the paper is organized as follows. The next section briefly recalls 
a few basic notions; namely, the π-calculus and the asynchronous π-calculus. 
Section 3 presents the testing preorders of De Nicola and Hennessy, as well as 
their parameterized versions, and Section 4 presents Boudol’s mapping from the 
π-calculus into the asynchronous π-calculus. Section 5, the core of the paper, 
studies fully-abstract results of the mapping. Section 6 contrasts our work with 
related ones while Section 7 contains a few concluding remarks and further work. 



This paper is an abridged version of [CC00], where the reader can 
find all the proofs not included in the body of this extended abstract. 

2 The π-Calculus and the Asynchronous π-Calculus 

Let $\mathcal{N}$ (ranged over by $x, y, z, \ldots$) be a set of names. The set $\mathcal{P}_s$ of π-terms is 
generated by the following (two level) grammar: 

$P ::= \bar{x}y.P \;\mid\; P \,|\, P \;\mid\; (\nu x)P \;\mid\; !P \;\mid\; G$ 

$G ::= \mathbf{0} \;\mid\; x(y).P \;\mid\; \tau.P \;\mid\; G + G$ 

Terms in $\mathcal{P}_s$ are usually called processes. Input prefix, $y(x).P$, and restriction, 
$(\nu x)P$, act as name binders for name $x$ in $P$. Consequently, the notions of free 
names, $fn(\_)$, and bound names, $bn(\_)$, over process terms are as expected. The set 
of names of process terms, $n(\_)$, is defined as $n(\_) = fn(\_) \cup bn(\_)$. 

The operational semantics of processes is given via labelled transition sys- 
tems. The states of such transition systems are $\mathcal{P}_s$ terms. The labels (ranged 
over by $\mu, \gamma, \ldots$) correspond to prefixes, input $x(y)$, output $\bar{x}y$ and tau $\tau$, and 
bound output $\bar{x}(y)$ (which models scope extrusion). If $\mu = x(y)$ or $\mu = \bar{x}y$ or 
$\mu = \bar{x}(y)$ we let $sub(\mu) = x$ and $obj(\mu) = y$. Functions $fn(\_)$, $bn(\_)$ and $n(\_)$ are 
extended to cope with labels as follows: 

$bn(x(y)) = \{y\}$    $bn(\bar{x}(y)) = \{y\}$    $bn(\bar{x}y) = \emptyset$    $bn(\tau) = \emptyset$ 

$fn(x(y)) = \{x\}$    $fn(\bar{x}(y)) = \{x\}$    $fn(\bar{x}y) = \{x, y\}$    $fn(\tau) = \emptyset$ 

The transition relation defining the transitional semantics of processes is 
given in Table 1. $\equiv$, used in Rule Cong, stands for the structural congruence 
over set $\mathcal{P}_s$ induced by the axioms and inference rules in Table 2. 

Notation: $(P)$, where $P \in \mathcal{P}_s$, stands for $P$ with some restrictions at the top 
level; i.e., $(P)$ denotes $(\nu x_1)(\nu x_2)\cdots(\nu x_n)P$ for some $x_1, x_2, \ldots, x_n \in \mathcal{N}$ ($n \geq 0$). 

Definition 1. (Weak Transitions) Let $P$ and $Q$ be $\mathcal{P}_s$ processes. Then: 

- $P \Longrightarrow Q$ if and only if $P = P_0 \stackrel{\tau}{\longrightarrow} P_1 \stackrel{\tau}{\longrightarrow} \cdots \stackrel{\tau}{\longrightarrow} P_n = Q$ for some $n \geq 0$ 
and $P_0, P_1, \ldots, P_n \in \mathcal{P}_s$; 

- $P \stackrel{\mu}{\Longrightarrow} Q$ if and only if $P \Longrightarrow P_1 \stackrel{\mu}{\longrightarrow} P_2 \Longrightarrow Q$ for some $P_1, P_2 \in \mathcal{P}_s$. 

Notation: Sometimes we write $P \Longrightarrow$ ($P \stackrel{\mu}{\Longrightarrow}$) to mean that there exists $P'$ 
such that $P \Longrightarrow P'$ ($P \stackrel{\mu}{\Longrightarrow} P'$), and write $P \stackrel{\mu}{\Longrightarrow}\stackrel{\gamma}{\Longrightarrow}$ to mean that there are $P'$ 
and $Q$ such that $P \stackrel{\mu}{\Longrightarrow} P'$ and $P' \stackrel{\gamma}{\Longrightarrow} Q$. 

The asynchronous π-calculus [HT91, Bou92] is the set $\mathcal{P}_a$ of terms generated 
by the following grammar: 

$P ::= \bar{x}y \;\mid\; P \,|\, P \;\mid\; (\nu x)P \;\mid\; !P \;\mid\; G$ 

$G ::= \mathbf{0} \;\mid\; x(y).P \;\mid\; \tau.P \;\mid\; G + G$ 

The operational semantics of $\mathcal{P}_a$ is given by the rules in Table 1, when rule 
Output/Tau is replaced by rules Output and Tau in Table 3. The axioms defining 
the structural congruence are the same as the ones in Table 2. Similar defini- 
tions and notation already given in the synchronous setting are assumed in the 
asynchronous one. Note that the $\mathcal{P}_a$ calculus is a proper subset of $\mathcal{P}_s$ since the 
output-action process $\bar{x}y$ can be thought of as a special case of the output prefix $\bar{x}y.\mathbf{0}$. 

Table 1. Early operational semantics for $\mathcal{P}_s$ terms 




3 Testing Preorders 

We now briefly summarize the basic definitions behind the testing machinery for 
the π-calculus and the asynchronous π-calculus. $\mathcal{P}$ denotes either $\mathcal{P}_s$ or $\mathcal{P}_a$. 

Definition 2. (Observers) 

- Let $\mathcal{N}' = \mathcal{N} \cup \{\omega\}$ be the set of names. By convention we let $fn(\omega) = \{\omega\}$, 
$bn(\omega) = \emptyset$ and $sub(\omega) = \omega$. Action $\omega$ is used to report success; 

- The set $\mathcal{O}$ (ranged over by $o, o', o'', \ldots$) of observers is defined like $\mathcal{P}$, where 
the grammar with non-terminal $P$ has been extended with the production $P ::= \omega.P$; 

- The operational semantics of $\mathcal{P}$ extends to $\mathcal{O}$ by adding the rule $\omega.o \stackrel{\omega}{\longrightarrow} o$. 

Definition 3. (Experiments) The set of experiments $\mathcal{E}$ is the set $\{P \mid o \;:\; P \in \mathcal{P}$ 
and $o \in \mathcal{O}\}$. 

Definition 4. (Maximal Computation) Given an experiment $P \mid o \in \mathcal{E}$, a maxi- 
mal computation from $P \mid o$ is an infinite sequence 

$P \mid o = (P_0 \mid o_0) \stackrel{\tau}{\longrightarrow} (P_1 \mid o_1) \stackrel{\tau}{\longrightarrow} (P_2 \mid o_2) \stackrel{\tau}{\longrightarrow} \cdots$ 

or a finite sequence $P \mid o = (P_0 \mid o_0) \stackrel{\tau}{\longrightarrow} (P_1 \mid o_1) \stackrel{\tau}{\longrightarrow} \cdots \stackrel{\tau}{\longrightarrow} (P_n \mid o_n)$ such that 
$n \geq 0$ and $(P_n \mid o_n) \stackrel{\tau}{\not\longrightarrow}$. 

Table 2. The structural congruence 

a1) $P \equiv Q$ if $Q$ can be obtained from $P$ by alpha-renaming 
a2) $(\mathcal{P}_s/\!\equiv, \mid, \mathbf{0})$ is a commutative monoid 
a3) $(\mathcal{P}_s/\!\equiv, +, \mathbf{0})$ is a commutative monoid 
a4) $P + P \equiv P$ 
a5) $!P \equiv P \mid\, !P$ 
a6) $(\nu x)P \mid Q \equiv (\nu x)(P \mid Q)$, if $x \notin fn(Q)$ 
a7) $(\nu x)P \equiv P$, if $x \notin fn(P)$ 
a8) $(\nu x)(\nu y)P \equiv (\nu y)(\nu x)P$ 
a9) $(\nu x)P + (\nu x)Q \equiv (\nu x)(P + Q)$ 

Table 3. The rules for Output and Tau in $\mathcal{P}_a$ 

Output: $\bar{x}y \stackrel{\bar{x}y}{\longrightarrow} \mathbf{0}$      Tau: $\tau.P \stackrel{\tau}{\longrightarrow} P$ 

Definition 5. (May, Must and Fair Relations) Given a process $P \in \mathcal{P}$ and an 
observer $o \in \mathcal{O}$, define: 

- $P$ may $o$ if and only if there exists a maximal computation 

$P \mid o = (P_0 \mid o_0) \stackrel{\tau}{\longrightarrow} (P_1 \mid o_1) \stackrel{\tau}{\longrightarrow} \cdots (P_i \mid o_i) \stackrel{\tau}{\longrightarrow} \cdots$ 

such that $(P_i \mid o_i) \stackrel{\omega}{\longrightarrow}$ for some $i \geq 0$; 

- $P$ must $o$ if and only if for every maximal computation 

$P \mid o = (P_0 \mid o_0) \stackrel{\tau}{\longrightarrow} (P_1 \mid o_1) \stackrel{\tau}{\longrightarrow} \cdots (P_i \mid o_i) \stackrel{\tau}{\longrightarrow} \cdots$ 

there exists $i \geq 0$ such that $(P_i \mid o_i) \stackrel{\omega}{\longrightarrow}$; 

- $P$ fair $o$ if and only if for every maximal computation 

$P \mid o = (P_0 \mid o_0) \stackrel{\tau}{\longrightarrow} (P_1 \mid o_1) \stackrel{\tau}{\longrightarrow} \cdots (P_i \mid o_i) \stackrel{\tau}{\longrightarrow} \cdots$ 

$(P_i \mid o_i) \stackrel{\omega}{\Longrightarrow}$, for every $i \geq 0$. 



Definition 6. (Testing Preorders) Given two processes $P, Q \in \mathcal{P}$ and a set of 
observers $O \subseteq \mathcal{O}$, define: 

- $P \sqsubseteq^{O}_{may} Q$ if and only if for every $o \in O$, $P$ may $o$ implies $Q$ may $o$; 

- $P \sqsubseteq^{O}_{must} Q$ if and only if for every $o \in O$, $P$ must $o$ implies $Q$ must $o$; 

- $P \sqsubseteq^{O}_{fair} Q$ if and only if for every $o \in O$, $P$ fair $o$ implies $Q$ fair $o$. 
4 Coding the π-Calculus into the Asynchronous π-Calculus 

This section recalls the coding from the π-calculus to the asynchronous 
π-calculus [Bou92] and states some useful properties. 

Definition 7. (Coding $\mathcal{P}_s$ into $\mathcal{P}_a$) The mapping $\llbracket\cdot\rrbracket : \mathcal{P}_s \to \mathcal{P}_a$ has the fol- 
lowing basic clauses: 

$\llbracket \bar{x}z.P \rrbracket = (\nu u)(\bar{x}u \mid u(v).(\bar{v}z \mid \llbracket P\rrbracket))$, where $u, v \notin fn(P)$ 

$\llbracket x(y).P \rrbracket = x(u).(\nu v)(\bar{u}v \mid v(y).\llbracket P\rrbracket)$, where $u, v \notin fn(P)$ 

the others are defined by extending $\llbracket\cdot\rrbracket$ homomorphically over all the other operators. 

We now state two key properties relating (strong and weak) transitions out 
of terms in $\mathcal{P}_s$ and those out of their translations. The proof is not conceptually 
difficult but involved in the details (see [CC00]). 

Proposition 1. Let $P$ be a $\mathcal{P}_s$ process. Then 

(i) $P \stackrel{\mu}{\longrightarrow}$ if and only if $\llbracket P\rrbracket \stackrel{\gamma}{\longrightarrow}$ where $sub(\mu) = sub(\gamma)$; 

(ii) $P \stackrel{\mu}{\Longrightarrow}$ if and only if $\llbracket P\rrbracket \stackrel{\gamma}{\Longrightarrow}$ where $sub(\mu) = sub(\gamma)$. 

5 Fully-Abstract Results of the Coding 

Let $\mathcal{P}$ and $\mathcal{P}'$ be two languages and $\llbracket\cdot\rrbracket$ be a coding from the former to the latter 
language. Let $\mathcal{R}$ be an equivalence generated by a semantic theory. We say that 
the coding is fully-abstract w.r.t. $\mathcal{R}$ if and only if 

$\forall P, Q \in \mathcal{P}$, $P \,\mathcal{R}\, Q$ if and only if $\llbracket P\rrbracket \,\mathcal{R}\, \llbracket Q\rrbracket$. 

When considering the case $\mathcal{P} = \mathcal{P}_s$, $\mathcal{P}' = \mathcal{P}_a$ and Boudol’s coding we have 
a negative result. Typically only the if implication holds. In order to have fully- 
abstract results we reduce the expressive power of the languages and refine the 
considered semantics. 



5.1 Full Abstraction of the Coding W.R.T. $\sqsubseteq_{may}$ 

We start by considering the $\sqsubseteq_{may}$ preorder. We prove a fully-abstract result 
for our coding w.r.t. $\sqsubseteq_{may}$. In particular, we prove that two $\mathcal{P}_s$ processes $P$ 
and $Q$ are related by $\sqsubseteq^{O}_{may}$, for a set of tests $O$, if and only if their translations 
$\llbracket P\rrbracket$ and $\llbracket Q\rrbracket$ are related by $\sqsubseteq^{\llbracket O\rrbracket}_{may}$. We first need a preliminary result. 

Proposition 2. Let $P$ be a $\mathcal{P}_s$ process and $O \subseteq \mathcal{O}$ be a set of observers. Then, 
for every $o \in O$, $P$ may $o$ if and only if $\llbracket P\rrbracket$ may $\llbracket o\rrbracket$. 
Proof. We just prove the if implication, since the only if one is completely sim- 
ilar. Assume $\llbracket P\rrbracket$ may $\llbracket o\rrbracket$. By definition, $\llbracket P\rrbracket$ may $\llbracket o\rrbracket$ if and only if there exists 
a maximal computation 

$\llbracket P\rrbracket \mid \llbracket o\rrbracket = (T_0 \mid o_0) \stackrel{\tau}{\longrightarrow} (T_1 \mid o_1) \stackrel{\tau}{\longrightarrow} \cdots (T_i \mid o_i) \stackrel{\tau}{\longrightarrow} \cdots$ 

such that $(T_i \mid o_i) \stackrel{\omega}{\longrightarrow}$ for some $i \geq 0$. By Definition 1 we can also write 
$\llbracket P\rrbracket \mid \llbracket o\rrbracket \stackrel{\omega}{\Longrightarrow}$. By Proposition 1, $\llbracket P\rrbracket \mid \llbracket o\rrbracket = \llbracket P \mid o\rrbracket \stackrel{\omega}{\Longrightarrow}$ if and only if 
$P \mid o \stackrel{\omega}{\Longrightarrow}$. Thus $P$ may $o$. 

From the previous proposition we have the expected result for may testing. 

Theorem 1. (Full abstraction of the coding w.r.t. $\sqsubseteq_{may}$) 

Let $P$ and $Q$ be $\mathcal{P}_s$ processes and $O \subseteq \mathcal{O}$ be a set of observers. Then, 

$P \sqsubseteq^{O}_{may} Q$ if and only if $\llbracket P\rrbracket \sqsubseteq^{\llbracket O\rrbracket}_{may} \llbracket Q\rrbracket$. 

Remark: The fully-abstract result in Theorem 1 holds when the observers used 
to test $\llbracket P\rrbracket$ and $\llbracket Q\rrbracket$ in the asynchronous setting are the translations of the 
observers used to test $P$ and $Q$ in the synchronous one. 

The above condition is strictly needed, since if we allow observers not in the 
set $\llbracket O\rrbracket$ (i.e., consider a more “powerful” set of observers) to test $\llbracket P\rrbracket$ and $\llbracket Q\rrbracket$ 
then our fully-abstract result does not hold anymore. Intuitively, all that is 
reasonable: indeed, testing in $\mathcal{P}_a$ the translation of a term, say $\llbracket P\rrbracket$, against 
a generic observer $o' \notin \llbracket \mathcal{O}\rrbracket$ (in particular, $o'$ is not the mapping of an observer 
in $\mathcal{O}$) means testing $\llbracket P\rrbracket$ in $\llbracket \mathcal{P}_s\rrbracket$ with a test which belongs to a more powerful 
language than $\llbracket \mathcal{P}_s\rrbracket$. 

Indeed, consider the pair of $\mathcal{P}_s$ processes $P = \bar{a} \mid \bar{a}$, $Q = \bar{a}.\bar{a}$ and the set 
of observers $O = \{a.a.\omega\}$. Let $O' = \{a.a.\omega\}$ be the set of observers in $\mathcal{P}_a$. Of 
course $a.a.\omega$ is not the translation of any observer in $O$, though it can perform 
two $a$-actions before reporting success exactly as the observer in $O$ does. Then it is 
easy to convince oneself that $P \sqsubseteq^{O}_{may} Q$ and $O' \neq \llbracket O\rrbracket$. 

On the other hand, consider the coding of our terms $P$ and $Q$ 

- $\llbracket P\rrbracket = \llbracket \bar{a} \mid \bar{a}\rrbracket = \llbracket \bar{a}\rrbracket \mid \llbracket \bar{a}\rrbracket = (\nu u)(\bar{a}u \mid u(v).(\bar{v} \mid \mathbf{0})) \mid (\nu t)(\bar{a}t \mid t(h).(\bar{h} \mid \mathbf{0})) \equiv$ 
$(\nu u)(\nu t)(\bar{a}u \mid u(v).(\bar{v} \mid \mathbf{0}) \mid \bar{a}t \mid t(h).(\bar{h} \mid \mathbf{0}))$ 

- $\llbracket Q\rrbracket = \llbracket \bar{a}.\bar{a}\rrbracket = (\nu u)(\bar{a}u \mid u(v).(\bar{v} \mid \llbracket \bar{a}\rrbracket))$, 

and then the corresponding transitions when put in parallel with their observers 

- $\llbracket P\rrbracket \mid a.a.\omega = a.a.\omega \mid (\nu u)(\nu t)(\bar{a}u \mid u(v).(\bar{v} \mid \mathbf{0}) \mid \bar{a}t \mid t(h).(\bar{h} \mid \mathbf{0})) \equiv$ 
$(\nu u)(\nu t)(a.a.\omega \mid \bar{a}u \mid u(v).(\bar{v} \mid \mathbf{0}) \mid \bar{a}t \mid t(h).(\bar{h} \mid \mathbf{0}))$ 
$\stackrel{\tau}{\longrightarrow} (\nu u)(\nu t)(a.\omega \mid \mathbf{0} \mid u(v).(\bar{v} \mid \mathbf{0}) \mid \bar{a}t \mid t(h).(\bar{h} \mid \mathbf{0}))$ 
$\stackrel{\tau}{\longrightarrow} (\nu u)(\nu t)(\omega \mid \mathbf{0} \mid u(v).(\bar{v} \mid \mathbf{0}) \mid \mathbf{0} \mid t(h).(\bar{h} \mid \mathbf{0})) = P_1$ and $P_1 \stackrel{\omega}{\longrightarrow}$; 

- $\llbracket Q\rrbracket \mid a.a.\omega = a.a.\omega \mid (\nu u)(\bar{a}u \mid u(v).(\bar{v} \mid \llbracket \bar{a}\rrbracket)) \equiv (\nu u)(a.a.\omega \mid \bar{a}u \mid u(v).(\bar{v} \mid \llbracket \bar{a}\rrbracket))$ 
$\stackrel{\tau}{\longrightarrow} (\nu u)(a.\omega \mid \mathbf{0} \mid u(v).(\bar{v} \mid \llbracket \bar{a}\rrbracket)) = Q_1$ and $Q_1 \stackrel{\tau}{\not\longrightarrow}$. 

By Definition 6, hence, we have that $P \sqsubseteq^{O}_{may} Q$ but $\llbracket P\rrbracket \not\sqsubseteq^{O'}_{may} \llbracket Q\rrbracket$. 
5.2 Full Abstraction of the Coding W.R.T. $\sqsubseteq_{fair}$ 

The same fully-abstract result proved for $\sqsubseteq_{may}$ can be proved for $\sqsubseteq_{fair}$. Also in 
this case, to guarantee a fully-abstract coding w.r.t. $\sqsubseteq_{fair}$ we have to make sure 
that only the translations of the observers in the synchronous setting are taken 
into account when comparing translations of $\mathcal{P}_s$ processes. Then the expected 
result for fair testing follows. 

Proposition 3. Let $P$ be a $\mathcal{P}_s$ process and $O \subseteq \mathcal{O}$ be a set of observers. Then, 
for every $o \in O$, $P$ fair $o$ if and only if $\llbracket P\rrbracket$ fair $\llbracket o\rrbracket$. 

Theorem 2. (Full abstraction of the coding w.r.t. $\sqsubseteq_{fair}$) 

Let $P$ and $Q$ be $\mathcal{P}_s$ processes and $O \subseteq \mathcal{O}$ be a set of observers. Then 

$P \sqsubseteq^{O}_{fair} Q$ if and only if $\llbracket P\rrbracket \sqsubseteq^{\llbracket O\rrbracket}_{fair} \llbracket Q\rrbracket$. 



5.3 The Must Preorder 

After considering the $\sqsubseteq_{may}$ and the $\sqsubseteq_{fair}$ preorders, we tackle the $\sqsubseteq_{must}$ 
case. In particular, we look for a proposition similar to Proposition 2 and Propo- 
sition 3, since these have been central to proving the fully abstract results for the former 
preorders. Unfortunately, the statement we are looking for does not hold. The 
following proposition provides a counterexample. 

Proposition 4. There exist a $\mathcal{P}_s$ process $P$ and an observer $o$ such that 
$P$ must $o$ but $\llbracket P\rrbracket \not\mathrel{\mathit{must}} \llbracket o\rrbracket$. 

Proof. Consider the $\mathcal{P}_s$ process $P$ defined as $P = \bar{a}.!\tau$, and the observer $o = a.\omega$. 
The only maximal computation that $P \mid o$ can perform is 

$P \mid o = \bar{a}.!\tau \mid a.\omega \stackrel{\tau}{\longrightarrow} !\tau \mid \omega \stackrel{\tau}{\longrightarrow} \cdots \stackrel{\tau}{\longrightarrow} \mathbf{0} \mid \mathbf{0} \mid \cdots \mid !\tau \mid \omega \stackrel{\tau}{\longrightarrow} \cdots$ 

Of course $P$ must $o$. Now, consider $\llbracket P \mid o\rrbracket = \llbracket P\rrbracket \mid \llbracket o\rrbracket$ and the maximal computations 
that this process can perform. Consider the following one: 

$\llbracket P \mid o\rrbracket = \llbracket \bar{a}.!\tau\rrbracket \mid \llbracket a.\omega\rrbracket =$ 

$(\nu u)(\bar{a}u \mid u(v).(\bar{v} \mid \llbracket !\tau\rrbracket)) \mid a(h).(\nu k)(\bar{h}k \mid k.\llbracket\omega\rrbracket) \equiv$ 

$(\nu u)(\nu k)(\bar{a}u \mid u(v).(\bar{v} \mid \llbracket !\tau\rrbracket) \mid a(h).(\bar{h}k \mid k.\llbracket\omega\rrbracket))$ 

$\stackrel{\tau}{\longrightarrow} (\nu u)(\nu k)(\mathbf{0} \mid u(v).(\bar{v} \mid \llbracket !\tau\rrbracket) \mid \bar{u}k \mid k.\llbracket\omega\rrbracket)$ 

$\stackrel{\tau}{\longrightarrow} (\nu u)(\nu k)(\mathbf{0} \mid \bar{k} \mid \llbracket !\tau\rrbracket \mid \mathbf{0} \mid k.\llbracket\omega\rrbracket) \equiv (\nu k)(\bar{k} \mid \llbracket !\tau\rrbracket \mid k.\llbracket\omega\rrbracket) = (\nu k)(\bar{k} \mid !\llbracket\tau\rrbracket \mid k.\llbracket\omega\rrbracket)$ 

$\stackrel{\tau}{\longrightarrow} (\nu k)(\bar{k} \mid \mathbf{0} \mid !\llbracket\tau\rrbracket \mid k.\llbracket\omega\rrbracket)$ 

$\stackrel{\tau}{\longrightarrow} (\nu k)(\bar{k} \mid \mathbf{0} \mid \mathbf{0} \mid !\llbracket\tau\rrbracket \mid k.\llbracket\omega\rrbracket)$ 

$\stackrel{\tau}{\longrightarrow} \cdots (\nu k)(\bar{k} \mid \mathbf{0} \mid \mathbf{0} \mid \cdots \mid \mathbf{0} \mid !\llbracket\tau\rrbracket \mid k.\llbracket\omega\rrbracket) \cdots$ 

and note that each intermediate state of the computation cannot perform any $\omega$ 
action. Hence, $\llbracket P\rrbracket \not\mathrel{\mathit{must}} \llbracket o\rrbracket$. 
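As an added illustration (my own code, not from the paper), the following Python block models the two experiments of the proof above as finite graphs of $\tau$-moves together with the states that can perform $\omega$ at once, and runs the may, must and fair checks of Definition 5 over their maximal computations. The state names and the reduction of each experiment to a hand-built finite graph are my assumptions; the check confirms that $P$ must $o$ holds while $\llbracket P\rrbracket$ must $\llbracket o\rrbracket$ fails, with may and fair holding on both sides.

```python
from collections import defaultdict


class Experiment:
    """A hand-built finite abstraction of an experiment P | o: its states, the
    tau-moves between them, and the states that can perform omega at once.
    (Constructed by hand for this example, not derived from the pi-calculus terms.)"""

    def __init__(self, initial):
        self.initial = initial
        self.tau = defaultdict(set)    # state -> set of tau-successors
        self.omega = set()             # states with an immediate omega-move

    def add_tau(self, src, dst):
        self.tau[src].add(dst)

    def add_omega(self, state):
        self.omega.add(state)

    def _closure(self, start):
        """States reachable from `start` by a tau* sequence (the weak move of Definition 1)."""
        seen, stack = set(), [start]
        while stack:
            state = stack.pop()
            if state not in seen:
                seen.add(state)
                stack.extend(self.tau[state])
        return seen

    def may(self):
        """Some computation passes through an omega-enabled state."""
        return any(state in self.omega for state in self._closure(self.initial))

    def fair(self):
        """Every state of every computation can still reach an omega-enabled state
        (weak omega), i.e. success stays possible after finitely many interactions."""
        return all(self._closure(state) & self.omega for state in self._closure(self.initial))

    def must(self):
        """No maximal computation avoids omega-enabled states. It fails as soon as
        one computation gets stuck, or cycles forever, without ever enabling omega."""
        return not self._failing_computation(self.initial, set(), set())

    def _failing_computation(self, state, on_path, done):
        if state in self.omega:
            return False              # success enabled here: this path is fine
        if state in on_path:
            return True               # tau-cycle without omega: an infinite failing run
        if state in done:
            return False
        if not self.tau[state]:
            return True               # finite maximal computation that never enabled omega
        on_path.add(state)
        failing = any(self._failing_computation(nxt, on_path, done) for nxt in self.tau[state])
        on_path.discard(state)
        done.add(state)
        return failing


def synchronous_experiment():
    """P | o = a.!tau | a.omega (Proposition 4, synchronous side): the single
    a-synchronisation releases !tau and omega together."""
    exp = Experiment("a.!tau | a.omega")
    exp.add_tau("a.!tau | a.omega", "!tau | omega")
    exp.add_tau("!tau | omega", "!tau | omega")     # !tau unfolds forever, omega stays enabled
    exp.add_omega("!tau | omega")
    return exp


def translated_experiment():
    """[[P]] | [[o]] = (vu)(au | u(v).(v | !tau)) | a(h).(vk)(hk | k.omega): the
    atomic synchronisation becomes a three-step handshake, and the sender's
    !tau is released one step before the receiver reaches omega."""
    exp = Experiment("start")
    exp.add_tau("start", "after a-sync")          # receiver got u and sends k on it
    exp.add_tau("after a-sync", "after u-sync")   # sender got k: now k | !tau, receiver waits on k
    exp.add_tau("after u-sync", "after u-sync")   # !tau unfolds; omega not yet enabled
    exp.add_tau("after u-sync", "after k-sync")   # handshake completes: omega enabled
    exp.add_tau("after k-sync", "after k-sync")
    exp.add_omega("after k-sync")
    return exp


def check_proposition_4():
    """Return ((may, must, fair) for P | o, (may, must, fair) for [[P]] | [[o]])."""
    sync, trans = synchronous_experiment(), translated_experiment()
    return (sync.may(), sync.must(), sync.fair()), (trans.may(), trans.must(), trans.fair())
```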
Thus, 

Theorem 3. The coding is not fully-abstract w.r.t. $\sqsubseteq_{must}$. 

Proof. Consider $O = \{a.\omega\}$, $P = \bar{a}$ and $Q = P \mid \bar{a}.!\tau$. First of all note that 
$P \sqsubseteq^{O}_{must} Q$. Indeed, $P \mid o$ and $Q \mid o$ can only perform the following computations 

$P \mid o = \bar{a} \mid a.\omega \stackrel{\tau}{\longrightarrow} \equiv \omega$ and $Q \mid o = P \mid \bar{a}.!\tau \mid a.\omega \stackrel{\tau}{\longrightarrow} \equiv \omega \mid \bar{a}.!\tau$ or 
$Q \mid o = P \mid \bar{a}.!\tau \mid a.\omega \stackrel{\tau}{\longrightarrow} \equiv P \mid \omega \mid !\tau$, respectively. 

Then note that $\llbracket P\rrbracket \not\sqsubseteq^{\llbracket O\rrbracket}_{must} \llbracket Q\rrbracket$. Indeed, $\llbracket P\rrbracket \mid \llbracket o\rrbracket = \llbracket \bar{a}\rrbracket \mid \llbracket a.\omega\rrbracket \Longrightarrow (\nu k)(\bar{k} \mid k.\llbracket\omega\rrbracket)$ 
$\Longrightarrow \omega \stackrel{\omega}{\longrightarrow}$ along each of its maximal computations, but there exists a computation from $\llbracket Q\rrbracket \mid \llbracket o\rrbracket$, namely, $\llbracket Q\rrbracket \mid \llbracket o\rrbracket =$ 
$\llbracket P\rrbracket \mid \llbracket \bar{a}.!\tau\rrbracket \mid \llbracket a.\omega\rrbracket \Longrightarrow \llbracket P\rrbracket \mid (\nu k)(\bar{k} \mid !\llbracket\tau\rrbracket \mid k.\llbracket\omega\rrbracket) \stackrel{\tau}{\longrightarrow} \cdots \llbracket P\rrbracket \mid (\nu k)(\bar{k} \mid \mathbf{0} \mid \cdots \mid !\llbracket\tau\rrbracket \mid k.\llbracket\omega\rrbracket) \cdots$, 

where each intermediate state of the computation cannot perform any $\omega$ action. 

In the following section we state fully-abstract results for the must preorder 
by restricting the base language. 

Fully-Abstract Results for the Must Preorder. Let us concentrate on the 
set of processes, tests and experiments in the π-calculus and its asynchronous 
version that satisfy the hereditary convergence predicate, meaning that they can 
perform only finite maximal computations. In the following we will generically 
use $\mathcal{P}$ to denote either $\mathcal{P}_s$ or $\mathcal{P}_a$. 

Definition 8. Let $P$ be a $\mathcal{P}$ process and $O \subseteq \mathcal{O}$. We say that $P$ is hereditary 
convergent w.r.t. $O$, written $P \Downarrow_O$, if and only if $\forall o \in O$, $(P \mid o)\Downarrow$, where $(P \mid o)\Downarrow$, read 
$P \mid o$ is convergent, if and only if every maximal computation from $P \mid o$ is finite. 

If we concentrate on the subset of hereditary convergent processes then we 
have the following result. We refer the reader to [CC00] for a detailed proof. 

Theorem 4. Let $P$ and $Q$ be $\mathcal{P}_s$ processes and $O \subseteq \mathcal{O}$ a set of tests. If $P \Downarrow_O$ 
and $Q \Downarrow_O$ then $P \sqsubseteq^{O}_{must} Q$ if and only if $\llbracket P\rrbracket \sqsubseteq^{\llbracket O\rrbracket}_{must} \llbracket Q\rrbracket$. 

The hereditary convergence predicate is very severe, since processes in parallel 
with observers are allowed to perform only finite sequences of internal actions. We 
previously tried weaker forms of the hereditary convergence predicate. 
A more generous one is the following. Consider the set HerConv of hereditary 
convergent processes as the largest set of processes $P$ which satisfies: 

(i) $P \Downarrow$; 

(ii) $P \stackrel{\mu}{\longrightarrow} Q$ implies $Q \in$ HerConv. 

Unfortunately, such a predicate is also not enough to obtain a fully-abstract 
result for the mapping w.r.t. $\sqsubseteq_{must}$. Indeed, there exist a process $P$ and an 
observer $o$ which are in HerConv such that $P$ must $o$ but $\llbracket P\rrbracket \not\mathrel{\mathit{must}} \llbracket o\rrbracket$. As an example, 
consider $P = !\bar{a}.\mathbf{0}$ and $o = !a.\omega$. The parallel composition of their translations can 
engage in an infinite computation of $\tau$ actions without showing the presence of $\omega$. 
6 Related Works 

Mappings from synchronous languages to asynchronous ones (and the corresponding fully- 
abstract results, when possible) have been considered in many papers. For this 
reason we report here only a very brief introduction to those papers that are 
very close to our study. 

One of these papers is [QW00]. It also aims at studying the relationships be- 
tween synchronous and asynchronous mobile processes. The authors consider the 
polyadic π-calculus and the asynchronous version of the monadic π-calculus as 
base languages, Boudol’s mapping from the former to the latter language and 
barbed congruence as the semantics to be preserved by the mapping. Some of the 
ideas exploited in the present paper are also present there, i.e., the restriction of 
the asynchronous tests (contexts in their setting) to those which are mappings of 
synchronous tests. However, we have proven that such a condition is necessary 
but not sufficient to get full abstraction for every semantic theory. Indeed, it can 
be obtained for may and fair testing but not for must (unless strict restrictions 
on the base language are considered). In more detail, they provide a type system 
for processes of the asynchronous monadic π-calculus which characterizes the set 
of contexts in the asynchronous world. These are all the contexts which are map- 
pings of contexts in the synchronous setting. Then they prove a fully abstract result 
for barbed congruence similar to those stated in Theorem 1 and Theorem 2. It 
is worth noting that our proof technique still works when their barbed con- 
gruence is considered (and, actually, also when Morris’ testing preorder is taken 
into account). 

Another very interesting paper is [Pal97]. This paper is also concerned with 
the attempt of solving or, at least, clarifying how these two communication mecha- 
nisms (synchronous and asynchronous) can be implemented one into the other. 
The π-calculus and the asynchronous π-calculus are the considered languages 
together with their own transitional semantics. It has been shown that it is not 
possible to encode the π-calculus into the asynchronous π-calculus because the 
“leader election problem” cannot be solved in the latter language while it is still 
possible in the former one. More generally, it has been shown that it is not 
possible to map the π-calculus into the asynchronous π-calculus for every possible 
“uniform” encoding (one which is compositional w.r.t. parallel composition and “behaves 
well” w.r.t. renamings) and for every “reasonable” semantics (one which distinguishes two 
processes P and Q whenever in some computation of P the actions on certain 
intended channels are different from those of any computation of Q) which one 
wants to preserve. According to our interpretation of uniform and reasonable, 
we can say that Boudol’s mapping is uniform, may and fair semantics are not 
reasonable while must is. We cannot, however, exploit Palamidessi’s result to 
justify our negative result with the must preorder. Indeed, her proof technique 
strongly relies on the presence of mixed choices (input and output prefixes in al- 
ternative composition) in the π-calculus while we do not have such a choice in our 
source language. Moreover, such a technique does not hold anymore if separate 
choice is taken into account, as shown in [Nes97]. But, as shown in this paper, 
the must preorder gives problems anyway. 
Another work with issues similar to ours, though following quite different 
means, is [HT91]. Honda and Tokoro concentrate on the π-calculus without 
sum and bound output and provide the terms of this algebra with two transi- 
tional semantics: one describes processes with a synchronous communication 
and the other describes processes with an asynchronous communication. The 
former transitional semantics is the standard one, while the latter relies on a new 
input-prefix rule. It allows any process to perform an input action also when not 
syntactically specified (this models output as a non-blocking action). Then, vari- 
ous observational semantics based on trace, failure and bisimulation are defined 
on top of the considered transitional semantics. The relationships between 
the synchronous bisimulation and its asynchronous counterpart are investigated. 
The main result of this study shows that the latter relation is strictly weaker 
than the former one. Similar results hold for trace and failure-based semantics. 
To obtain fully abstract results, they introduce the notion of X completion. This 
is a mapping from a term interpreted asynchronously into a term interpreted 
synchronously. Any target term is able to mimic all the asynchronous transi- 
tions via synchronous transitions. More in detail, the target term is the original 
one in parallel with the so-called identity receptors. These are processes with the 
ability of performing input actions on suitable channels, after which they become 
themselves in parallel with output actions on the same channels. In this way 
they simulate the transitions which are in the asynchronous setting but not in 
the synchronous one. By weakening terms interpreted synchronously in this way, 
Honda and Tokoro prove that two terms are asynchronously bisimilar (resp. fail- 
ure, trace) if and only if their mappings are, up to X completion, synchronously 
bisimilar (resp. failure, trace). They do not consider, however, fully abstract 
results for the opposite mapping; i.e., how to implement synchronous communi- 
cation in terms of the asynchronous one which, instead, is the main purpose of 
the current work. 



7 Further Work 

This paper raises several interesting questions to look at. We would like to check 
whether our results scale up to versions of the π-calculus with mixed choice by 
exploiting the results and the non-uniform encodings in [Nes97]. 

Another interesting question is related to the negative result for must testing. 
It is reasonable to ask whether or not there are uniform encodings (also in the 
case of a source language which only has separate choice, as the π-calculus we 
have considered) that preserve must testing. We conjecture a negative result 
for this question. Still regarding must testing, we would like to investigate 
the possibility of proving fully abstract results when some “fair” scheduling 
assumption is imposed on the execution of the parallel components of a global 
system. For this question, instead, we conjecture a positive result. This, of 
course, would improve the result stated in Section 5.3. 

Finally, we intend to import the ideas developed for testing into a bisimulation 
scenario. At first glance it seems that [HT91] can provide a valid support to 
this investigation. 
Abstract. When search trees are made relaxed, balance constraints are 
weakened such that updates can be made without immediate rebalanc- 
ing. This can lead to a speed-up in some circumstances. However, the 
weakened balance constraints also make it more challenging to prove 
complexity results for relaxed structures. 

In our opinion, one of the simplest and most intuitive presentations of 
balanced search trees has been given via layered trees. We show that 
relaxed layered trees are among the best of the relaxed structures. More 
precisely, rebalancing is worst-case logarithmic and amortized constant 
per update, and restructuring is worst-case constant per update. 



Introduction 

Usually, updating in a balanced search tree is carried out as follows: First, 
a search is carried out in order to determine the location of the update. Sec- 
ond, the update is performed. Third, local balance constraints are reconsidered. 
Since balance constraints are usually based on path lengths or subtree sizes, 
these constraints may have been violated, because most often, an insertion will 
add at least one node to the tree and a deletion will remove at least one node 
from the tree. If there is a balance problem, this is fixed completely if possible, 
and otherwise it is fixed at the cost of introducing a new problem closer to the 
root. This problem is then handled recursively until it disappears or is moved 
all the way to the root, where balance problems are normally easily fixed. 

The three phases described above are referred to as searching, updating, 
and rebalancing. Informally, relaxed balance is a term used for the following. If 
a search tree has been equipped with relaxed balance, the searching and updating 
have been uncoupled from the rebalancing. Thus, it is now possible to search 
and make an update without performing any rebalancing. For this to be well- 
defined, the balance constraints must be weakened (relaxed) in such a way that 
the tree after an update is still in the now broader class of trees. Additionally, the 
standard tree, which is made relaxed, should belong to the class, and the overall 
goal of the (presumably generalized and/or expanded) collection of rebalancing 
operations is to bring the tree back to fulfilling the constraints of the standard 
balanced tree. 

The benefit of the uncoupling depends on the environment. Discussions of 
this can be found in many of the papers on the subject, but here is a brief 
account. In a sequential system, bursts of requests, possibly from an external 
source, can be served faster if rebalancing is “turned off” during the period. 
After the burst, rebalancing should gradually bring the tree back in balance, 
while requests are served at the same time. In a parallel (shared-memory) system, 
a naive implementation would lock the root of the tree so frequently that the 
degree of parallelism would be extremely low. In relaxed structures, it is generally 
possible to exclusively lock only nodes which will be involved in pointer changes, 
instead of all nodes which might be involved in pointer changes. This implies 
that most of the exclusive locking will take place close to the leaves. 

The cost of the relaxation is that the guaranteed worst-case bound of loga- 
rithmic path lengths is temporarily lost. The options are to trust that this does 
not become a problem for these short periods of time (maybe the requests are 
known to be close to uniform), to monitor path lengths and rebalance when 
some limit is exceeded, to dedicate a fixed minimum amount of rebalancing time 
to each update (or group of updates), or something else along those lines. The 
best solution can only be found when the specifics of the concrete scenario are 
known. 

However, to ensure that as much time as possible is dedicated to request 
processing, it is vital that rebalancing, when it is performed, is performed effi- 
ciently. The difficulty in proving the various possible efficiency bounds on the 
run-time complexity is of course that after the structure has been relaxed, much 
less is known about its appearance. For instance, if $k$ updates are performed on 
a standard balanced search tree of size $n$, usually $O(k \log n)$, or fewer, rebalancing 
operations can easily be shown to completely rebalance the tree. In a relaxed 
version, path lengths can approach $\log n + k$, so if $k$ is more than a constant, 
will $O(k \log n)$ operations still suffice? 

To make relaxed proposals as useful as possible in the sequential as well 
as in the parallel setting, it is always required that rebalancing is carried out 
in local independent steps. However, in the sequential setting, this may not be 
mandatory. 

Finally, relaxed balance is also a topic of theoretical interest. Search trees are 
some of the most important data structures, and this line of work answers some 
very fundamental questions concerning whether or not the traditional tight cou- 
pling between updating and rebalancing is necessary for the efficient rebalancing 
results to follow. 

We give a very brief summary of the developments; more details can be found 
in [16], for example. Some of the ideas were initiated in [10,15]. AVL-trees [1,23] 
were investigated in [17,25,28], red-black trees [3,10,31] in [5,6,7,8,16,26,27], and 
(a,b)-trees [13,22], B-trees [4], 2-3-trees [2,12] in [18,19,25]. In [20], a general 
result for balanced trees was developed, and in [9,11,21,24,32], some variations 
of the standard schemes were investigated. Locking in a parallel setting was 
discussed in [6,27]. 

In this paper, we investigate layered trees [30] . A relaxed version of layered 
trees was given in [29] . The primary contribution of this paper is to establish the 
complexity results which hold for the structure. We give our own presentation 
of layered trees with and without relaxed balance; partly to make the paper 
self-contained, but also partly because greater precision in the formulation of 
rebalancing operations is required in order for a proof of amortized constant 
rebalancing to be established. 

The paper [29] primarily focuses on the design ideas, and on the important 
issue (not least in a parallel setting) of limiting restructuring. The principal 
difference between changing a pointer and updating balance information is that 
searching can proceed simultaneously with the information updating. Thus, if fine- 
grained locking is an option, limiting restructuring operations is more important. 
With the set-up in [29], the authors can show that only a constant amount of 
restructuring is necessary per update. 

Layered Trees 

It is possible to give a quite general definition of a layered tree [30]. However, to 
present the ideas in a form as simple as possible, we first give one very specific 
definition. Later, we discuss the more general alternatives. 

A layered tree is a binary search tree. It is leaf-oriented, meaning that all 
keys are kept in the leaves. Internal nodes contain routers, which are of the same 
type as the keys and often copies of some of these. However, the only purpose 
of the routers is to guide the searches to the correct leaves. In a leaf-oriented 
binary tree, internal nodes always have two children. 

Leaf-oriented trees are often the choice in large database-oriented applica- 
tions because keys often have significant amounts of information attached. It is 
generally more efficient not to have to encounter this extra information when 
searching down the tree and when changing internal nodes due to rebalancing. 



Additionally, when designing relaxed structures, there is no good way of 
carrying out deletions in a step-wise and local manner if the tree is not leaf- 
oriented. The problem is that if an internal node with two children should be 
deleted, the standard method for handling this is to switch keys with its internal 
predecessor or successor and delete that node instead. However, that node can 
be located a non-constant distance away. 

Fig. 1. The four basic configurations 

A leaf-oriented binary search tree is called layered if it can be constructed as 
described below from the configurations listed in Fig. 1: 

1. Select one of the four basic configurations. The top node in the selected 
configuration will be the root of the whole tree. 

2. Add a number of layers. One layer is added as follows: For each node u in the 
already constructed part of the tree which does not have a left (right) child, 
select one of the basic configurations and let the top node of the configuration 
be the left (right) child of u. 

3. Construct a final layer of leaves, by adding a leaf everywhere a left or right 
child is missing. 

We refer to the level of leaves as layer 0. The layer on top of that is layer 1 
and so on. An edge connecting a node in some layer i with a node in the next 
layer i + 1 is said to cross the border between the two layers. In the concrete 
implementation described in this paper, we assume that borders are explicitly 
stored in the structure. The most flexible way of doing this is by storing one bit 
in each node such that the bit is zero if it belongs to an even-numbered layer and 
one otherwise. The manipulation of this bit in connection with the operations 
to be discussed is easy, and we will not describe it explicitly. For easy future 
reference we define the following two subsets of basic configurations: the small 
configurations C_S (the one-node configuration and the two two-node configurations 
of Fig. 1) and the large configurations C_L (the two two-node configurations and 
the three-node configuration). 

Proposition 1. The height of a layered tree with n leaves is bounded by 2⌊log2 n⌋. 

Proof. We show by induction on the number of layers that a node in layer i has 
at least 2^i leaves in its subtree. This is trivial for the base case of a single leaf. 
For the induction step, we notice that any node u in the configurations from 
Fig. 1 at any level i > 0 has at least two descendants at level i - 1. Since each 
of these, by the hypothesis, has at least 2^(i-1) leaves in its subtree, u has 2^i 
leaves in its subtree. Thus, the layer of the root is at most ⌊log2 n⌋, and so there 
are at most ⌊log2 n⌋ + 1 layers. Since the height of the highest basic configuration 
is two, the result follows. 

Keys in the search tree come from a totally ordered domain. The keys in 
the leaves appear in strictly increasing order from left to right. A router in an 
internal node is greater than or equal to any key in its left subtree and less than 
any key in its right subtree. 

In the light of this and Proposition 1, searching can obviously be performed 
in logarithmic time. The update operations, insert and delete, can also be per- 
formed in logarithmic time, and with at most a constant number of structural 
changes per update [30]. One way of describing this is as follows. 

The general idea is to make the update, and register if there is a problem, 
i.e., if the tree is no longer constructed according to the layered tree definition. 
Recursively, we remove the problem if possible, and otherwise move it to the 
next layer. At the root, any problem can be eliminated. 

In the following, we describe the updating procedures. Proof of correctness 
follows later. 



Insertions 

To insert a key, we search for the given key as usual in a search tree, and we 
end up at a leaf. If that leaf does not already contain the given key, a new leaf 
is created using operation New leaf insertion. The new key and the one already 
present in the existing leaf are arranged in order, and the key to the left is copied 
to the new internal node as its router. 




Figure: operations New leaf insertion, Up root and Up finish (T1 ∈ C_S, T2 ∈ C_L, |T2| = |T1| + 1). 



The new internal node is on layer 0, which is not allowed, and is therefore 
equipped with a push-up request (↑). This push-up request is dealt with 
recursively as follows. If it reaches the root, the problem is solved using operation Up 
root. Otherwise, if there is room at the next layer, i.e., its parent is part of 
a configuration consisting of at most two nodes, the problem is solved using 
operation Up finish. 

If the parent at the next layer is in a three-node configuration, the problem 
is moved up one layer using operation Up push. 



Deletions 

To delete a key, we search for the given key as usual in a search tree, and 
we end up at a leaf. If that leaf contains the given key, we proceed as follows 
(the leaf to be deleted is marked with two crossing lines in the figures). If the 
parent configuration has at least two nodes, using operation Remove finish, we 
can rearrange the nodes such that the leaf and its parent are deleted, while all 
configurations are still basic configurations. 



Figure: operations Up push, Remove finish (T1 ∈ C_L, T2 ∈ C_S, |T1| = |T2| + 1) and Remove continue. 
If the next layer has a one-node configuration, we use operation Remove 
continue. This introduces a leaf at layer 1, which should be moved down to 
layer 0 before the tree can again be guaranteed to be a layered tree. We register 
this problem by marking the node with a pull-down request (↓). 

A pull-down request is handled recursively as follows. If it reaches the root, 
the problem is solved using operation Down root. Otherwise, if the sibling and 
parent configurations have at least three internal nodes together, then there are 
sufficiently many nodes locally such that the node can be moved down using 
either operation Down finish 1 or Down finish 2, and at least one-node config- 
urations can be created everywhere. 

Finally, if the parent and sibling configurations contain only one node each, 
the problem is moved up one layer using operation Down push. 

Observe that only operation Remove continue and Down push create pull- 
down requests. Since the only nodes which are marked are leaves or internal 
nodes with exactly one child on the next layer, such requests are created only 
if the marked node can be pulled down without violating the design criteria for 
layered trees. 



Layered Trees with 

To make the tree relaxed, we must allow that rebalancing can be interrupted at 
any time. In particular, its start can be delayed. In addition, the tree must be 
able to accommodate several updates for which the corresponding rebalancing 
has not been undertaken. 

In addition to the basic configurations, several new configurations are allowed 
in the tree; any one or two node basic configuration where the bottom-most node 
is marked by a pull-down request, a zero-node configuration (a layer-crossing 
edge), and a four node configuration, where the top-most node is marked by 
a push-up request. The complete set of extra configurations (up to symmetric 
variants) are depicted in Fig. 2. 

When an insertion is made, a leaf is replaced by an internal node with two 
leaves. If several insertions are made, large trees might be build this way without 
respecting the design criteria for relaxed layered trees. Such trees are always 
rooted at an internal node marked with a push-up request at layer 0. This part 
of the tree is called the unstructured part, while the part satisfying the design 
criteria for relaxed layered trees is called the structured part. 




Figure: operations Down root, Down finish 1 (T1 ∈ C_L, T2, T3 ∈ C_S, |T1| = |T2| + |T3|) and Down finish 2 (T1 ∈ C_L, T2 ∈ C_S, |T1| = |T2| + 1). 
Fig. 2. Relaxed configurations 



Rebalancing is now carried out by moving a problem from the unstructured 
part into the structured part, and recursively towards the root, until the problem 
is removed. 

Since we cannot control when a deletion is actually carried out, the leaf 
to be deleted is marked physically for deletion by the operation Delete mark. 
Observe that the leaf might already be marked with a pull-down request, which 
is indicated by a parenthesized pull-down request, (↓). 

A leaf-oriented relaxed layered search tree can be constructed in the following 
way: 

1. Select any configuration, except the layer-crossing edge. The top node of the 
selected configuration will be the root of the tree. 

2. Add a number of layers: For each node u in the already constructed part of 
the tree, which does not have a left (right) child: if u is not marked with 
a pull-down request, and u is not on the layer above (a layer-crossing edge) 
add any of the node-containing configurations as the left (right) child of u. 
If u is marked with a pull-down request, add any configuration as the left 
(right) child of u, such that exactly one of the child configurations of a node 
marked by a pull-down request is a layer-crossing edge. 

3. Construct the final layer by adding leaves, leaves marked for deletion, or 
unstructured trees to every node on the second to final layer that does not 
have a left (right) child, unless that node is marked by a pull-down request, 
in which case the node itself is made a leaf or a leaf marked for deletion. 

Some operations involve the parent configuration, and some also the sibling 
configuration. An operation can generally not be carried out if the involved con- 
figurations are marked by requests. However, in some situations, we must allow 
that the sibling and parent configurations contain requests to avoid deadlocks. 

In the case of deletion, the sibling of the deleted leaf in operation Remove 
continue, might be marked for deletion, and is thus of course still marked after 
the application of the operation. This is indicated by an asterisk in the modified 
operation Remove continue. Analogously, two single-node siblings might both 
contain pull-down requests. Therefore, operation Down finish 2 and Down push 
are modified to allow this. 
Figure: operations Down push, Delete mark and the modified Remove continue. 



Furthermore, since we cannot control when updates are made, two new op- 
erations are needed to handle special cases of insertions. If a leaf is marked for 
deletion and an insertion is made at the very same leaf, the leaf is recycled as 
depicted in operation Insert recycle. If a leaf is marked with a pull-down request 
and an insertion is made at the very same leaf, the creation of the new internal 
node cancels out the pull-down request; operation Insert solve. 






Figure: operations modified Down finish 2 (T4 ∈ C_L, T5 ∈ C_S, |T4| = |T5| + 1), modified Down push and Down cancel (|T1| ≥ 2, |T2|, |T3| ≥ 1, |T1| = |T2| + |T3|). 



Finally, pull-down requests are created if and only if both child configura- 
tions and the parent configuration are single nodes. However, when the request 
is to be resolved, this might not still be the case. One child is always a layer- 
crossing edge, while the other might be any other configuration. If the other child 
contains more than one node, these nodes can be rearranged such that it is no 
longer necessary to pull the marked node down. This is done by operation Down 
cancel. Observe that push-up requests among the rearranged nodes are anal- 
ogously made obsolete, while pull-down requests must follow their respective 
layer-crossing child edges. It is an implicit precondition for applying any other 
operation involving pull-down requests that operation Down cancel cannot be 
applied. 

Analogously, the parent (the node marked by a pull-down request) might 
not be a single node anymore, in which case the node is just pulled down, using 
operation Down finish 3. 



Figure: operations Insert recycle, Insert solve and Down finish 3. 
Correctness and Complexity of Relaxed Balancing 

By inspecting the individual operations, one can easily verify that the rebal- 
ancing operations satisfy the soundness property; applying any operation turns 
a relaxed layered tree into a relaxed layered tree. 

Now we show that the collection of rebalancing operations is sufficient. 

Theorem 1. Completeness: Let T be a relaxed layered tree. While T contains 
at least one node marked by a request, some rebalancing operation can be applied. 

Proof. Let R denote the set of nodes marked by a request or marked for deletion 
on the top-most layer containing marked nodes. 

If the root is in R, then one of the Root operations can be applied. Assume 
that the root is not in R. Assume that R contains some node u marked with 
a push-up request. Since u is top-most and non-root, the parent configuration is 
a basic configuration, and thus either operation Up finish or operation Up push 
can be applied. Observe that this is independent of whether or not u is located 
in the structured or the unstructured part of the tree. 

Assume that R contains no nodes marked by a push-up request. Assume 
that R contains nodes marked by a pull-down request, and let u be such a node in 
a two node configuration, if any such exist. Consider the configurations below u. 
By the soundness property, one of these configurations is a layer-crossing edge. 
If the other configuration has at least 2 nodes, then operation Down cancel can 
be applied. Otherwise u can be moved down using operation Down finish 3. 

Now assume that R contains nodes marked by a pull-down request, but that 
all these are single node configurations. Again, if a child which is not a layer- 
crossing edge contains at least two nodes, operation Down cancel can be applied. 
Otherwise we know that u's sibling configuration is either a single node (possibly 
marked by a pull-down request) or a basic configuration containing at least two 
nodes. In the first case, depending on whether the parent configuration of u has 
more than one node or not, either operation Down push or operation Down fin- 
ish 2 can be applied (recall that u was a top-most request, which means that u’s 
parent configuration is a basic configuration). In the latter case, operation Down 
finish 1 can be applied. 

Finally, assume that R contains only leaves marked for deletion. By this 
assumption, the parent configuration of such a leaf contains no requests, so 
either operation Remove finish or Remove continue can be applied. 



Amortized Constant Rebalancing 

We use the standard potential function technique [33]. Any update operation 
creates exactly one problem in the unstructured part. Either a leaf marked for 
deletion or an internal node. This problem is either removed by a finishing re- 
balancing operation or moved into the structured part as a request which is 
then in turn moved a number of times using a non-finishing operation, until it 
is removed by a finishing operation. 
Theorem 2. Rebalancing is amortized constant. 

Proof. Assume that we remove every edge which connects two nodes in different 
layers. This splits the tree up into a collection of small trees with at most four 
nodes. We let V_i(T) for i ∈ {1, 2, 3, 4} denote the number of pieces with i nodes 
resulting from splitting T. 

We define the potential Φ(T) of the tree T as follows: 

Φ(T) = V_1(T) + V_2(T) + 3 V_3(T) 

Any update operation, including the operation creating a request in the struc- 
tured part, and any finishing operation may increase the potential, but it can 
do so by at most a constant. What remains is to show that every non-finishing 
operation decreases the potential by at least a constant to cover for its own 
application. The operations Up push and Down push are the only non-finishing 
rebalancing operations. 

Operation Up push is applied only if the parent configuration of the node 
marked by the push-up request is a three node basic configuration. Recall that 
any node marked by a push-up request is the root of a four node configuration. 
Thus by the application, a three node configuration and a four node configuration 
is replaced by a four node, a two node, and a one node configuration, which 
decreases the potential by one. 

Operation Down push is applied only if the parent and sibling configurations 
are single nodes. Furthermore, operation Down push is applied only if opera- 
tion Down cancel cannot be applied. Thus, the children of the node marked by 
a pull-down request are a layer crossing edge and a single node, respectively. 
After the application, the node pulled down forms a two node configuration to- 
gether with the single node child configuration at the child layer. Thus, four one 
node configurations are replaced by two one node configurations and a two node 
configuration, which decreases the potential by one. 
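The following Python is an added example, not code from the paper: it builds layered trees exactly as the three-step definition prescribes (choosing a basic configuration for every open position), checks Proposition 1 on random trees, and evaluates the potential Φ(T) = V1 + V2 + 3V3 above by splitting the tree at its layer-crossing edges. The configuration names, the explicit layer field, and the random chooser are assumptions of the example.

```python
# Added example, not the paper's code: builds layered trees by the three-step
# definition, checks Proposition 1 on random trees, and computes the potential
# Phi(T) = V1 + V2 + 3*V3 of Theorem 2 by splitting at layer-crossing edges.
import random
from math import floor, log2

# The four basic configurations of Fig. 1, named (our names) by which
# same-layer children the top node has.
CONFIGS = ("single", "left", "right", "full")

class Node:
    def __init__(self, layer):
        self.layer = layer          # 0 is the leaf layer; stored explicitly
        self.left = self.right = None

def make_config(top, kind):
    """Give `top` the same-layer children of basic configuration `kind`."""
    if kind in ("left", "full"):
        top.left = Node(top.layer)
    if kind in ("right", "full"):
        top.right = Node(top.layer)

def piece(top):
    """Nodes reachable from `top` without crossing a layer border: the piece
    containing `top` once all layer-crossing edges are removed (Theorem 2)."""
    out = [top]
    for c in (top.left, top.right):
        if c is not None and c.layer == top.layer:
            out += piece(c)
    return out

def build_layered(layers, choose=random.choice):
    """Step 1: root configuration on layer `layers`; step 2: configurations
    on layers `layers-1` .. 1; step 3: a leaf wherever a child is missing."""
    root = Node(layers)
    make_config(root, choose(CONFIGS))
    tops = [root]
    for layer in range(layers - 1, -1, -1):
        new_tops = []
        for u in [v for t in tops for v in piece(t)]:
            for side in ("left", "right"):
                if getattr(u, side) is None:
                    child = Node(layer)
                    if layer > 0:               # layer 0 gets bare leaves
                        make_config(child, choose(CONFIGS))
                    setattr(u, side, child)
                    new_tops.append(child)
        tops = new_tops
    return root

def leaves(u):
    return 1 if u.left is None else leaves(u.left) + leaves(u.right)

def height(u):
    return 0 if u.left is None else 1 + max(height(u.left), height(u.right))

def potential(root):
    """Phi(T) = V1 + V2 + 3*V3, where Vi counts the i-node pieces left after
    removing every layer-crossing edge (4-node pieces, relaxed only, weigh 0)."""
    weight = {1: 1, 2: 1, 3: 3, 4: 0}
    phi, stack = 0, [root]
    while stack:
        p = piece(stack.pop())
        phi += weight[len(p)]
        stack += [c for v in p for c in (v.left, v.right)
                  if c is not None and c.layer != v.layer]
    return phi

def check_proposition_1(trials=200, max_layers=5, seed=1):
    """Height <= 2*floor(log2 n) for random layered trees with n leaves."""
    rng = random.Random(seed)
    for _ in range(trials):
        root = build_layered(rng.randint(1, max_layers), rng.choice)
        if height(root) > 2 * floor(log2(leaves(root))):
            return False
    return True

if __name__ == "__main__":
    t = build_layered(2, lambda c: "full")   # five 3-node pieces, 16 leaves
    print(leaves(t), height(t), potential(t), check_proposition_1())
```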



Worst-Case Logarithmic Rebalancing 

The previous theorem shows that rebalancing is amortized constant, if we start 
with an initially empty tree. However, if we start with a non-empty layered tree, 
we cannot use the theorem to guarantee a good complexity immediately. In the 
following, we show that even if we start with a layered tree, rebalancing is at 
most logarithmic in the worst-case. 

Inspired by [16], we define a count function c as follows: If the tree is a stan- 
dard layered tree, the count function is one on all leaves, and zero for all internal 
nodes. The count sum of a node u is the sum of the count function applied to 
all nodes in the subtree rooted at u, i.e., 

In a relaxed layered tree, the count function is maintained as follows: When 
an insertion is made, a leaf ℓ is replaced by an internal node with two leaves. The 
function value of the internal node is set to c(ℓ) - 1, while the count function for 
both leaves is initialized to one. 
When a leaf ℓ is actually deleted (not just marked), its parent u is deleted 
as well. The function value of the node v replacing the parent is then increased 
by c(ℓ) + c(u). 

When nodes are rotated, some node is the root of the rotation. The function 
value of the root is assigned to the new root, while all the remaining function 
values are reassigned in-order to the remaining nodes involved in the rotation. 

Since the count sum of the whole tree is incremented by insertions, but not 
decremented by deletions, the count sum of the root is always n + i where n is 
the number of leaves in the tree the last time it was a standard layered tree, 
and i is the number of insertions. 

Note that the values of the count function are always non-negative, and for 
leaves, they are positive. 

We define the relaxed layer of a node u to be its layer in a layered tree 
unless u and its parent are connected by a layer crossing edge. In this case, we 
define the relaxed layer to be one higher than its actual layer. 

Lemma 1. For any node u on relaxed layer j: 

Proof. By induction on the number of operations on the tree since it was last 
a standard layered tree. 

The base case follows by an argument similar to the proof of Proposition 1, 
since the count sum is exactly the number of leaves in any subtree. 

It is easily verified that the result holds for any application of an update 
operation or an operation bringing a request into the structured part. 

If nodes (in the structured part) are rearranged to form basic configurations, 
i.e., we also consider nodes marked by push-up request which are unmarked as 
a consequence of the rearrangement, the result follows immediately from the 
hypothesis since all such nodes have at least two descendants on the next layer. 

If a node (marked by a pull-down request) is pulled down, we have two cases: 
It is either pulled down using operation Down push, in which case the relaxed 
layer is unchanged, or by a finishing operation, in which case the relaxed layer 
is decreased. In either case, the count sum is unchanged, and the result follows 
again immediately from the hypothesis. 

Observe that any node marked by a push-up request has both its children 
on the same layer as itself. Thus, such a node is the root of a subtree with twice 
the count sum it needs, and the result follows from the hypothesis — even when 
the node is pushed to the next layer. 

What remains is to verify that the result holds after the application of op- 
eration Down cancel when nodes marked by pull-down requests are rearranged. 
However, this follows from the way relaxed layers are maintained. Since both 
children of nodes marked by pull-down requests have the same relaxed layer — 
that of nodes on the next layer — the result follows from the hypothesis. 

Theorem 3. Rebalancing is worst-case logarithmic. 

Proof. Rebalancing after any update involves bringing the problem into the 
structured part of the tree, applying a number of non-finishing operations, and 
applying one finishing operation. Hence, if the number of non-finishing opera- 
tions can be bounded by a logarithmic term, the theorem follows. However, the 
application of a non-finishing operation moves a problem to a node on a higher 
relaxed layer, and as, by Lemma 1, the size of a subtree is exponential in the 
relaxed layer, there can be at most a logarithmic number of such layers. 

More precisely, if i insertions (and possibly some deletions) are applied to 
a tree of size n, we get the bound n + i = Σ_{v ∈ T_root} c(v) ≥ 2^{j_root}, where j_root is 
the relaxed layer of the root. 

Since at the root, the number of the layer and the relaxed layer must coincide, 
the root is in layer at most ⌊log2(n + i)⌋. Including initial, finishing, and 
non-finishing operations, at most ⌊log2(n + i)⌋ + 2 operations can be applied per 
update. 

Worst-Case Constant Restructuring 

The following result is from [29]. 

Theorem 4. Restructuring is worst-case constant. 

Proof. As was observed earlier, every finishing rebalancing operation removes 
at least one request. Hence, at most one finishing rebalancing operation can 
be applied per update. Since neither of the non-finishing operations make any 
structural changes, the theorem follows. 

Concluding Remarks 

The objective of this presentation of relaxed layered trees was twofold. We 
wanted to give a presentation precise enough that correctness and complexity 
proofs could be based on it. At the same time, we wanted to keep the presenta- 
tion simple, in the spirit of the presentation of the standard version. The first 
objective has been obtained, but, admittedly, some of the simplicity is lost in 
the transition to a relaxed version. The problem is that the extra configurations, 
which are allowed in the relaxed setting, multiply the total number of cases. 
With the level of precision which is required to establish all the complexity re- 
sults, there does not seem to be any way to treat the operations at a higher level 
of abstraction to cut down on the number of cases. 

On the positive side, we have shown that relaxed layered trees are among the 
best relaxed binary search trees. In particular, all the asymptotic complexities 
of [16] are matched: No update gives rise to more than a logarithmic number 
of rebalancing operations, of which at most one is restructuring. Additionally, 
rebalancing is amortized constant per update. It should also be noted that the 
potential function used in the proof for amortized constant rebalancing can be 
modified to satisfy the requirements for Theorem 1 in [14]. Thus, rebalancing in 
relaxed layered trees is exponentially decreasing with respect to the height. 

As it is also pointed out in [29] , there are many ways of tuning the operations 
to improve performance. For instance, several rebalancing operations can be 
redefined or extended such that push-up requests and pull-down requests would 
cancel out when possible. 

There is also a trade-off in the number of legal configurations and the number 
of rebalancing operations (and their complexity). For example, one could define 
relaxed layered trees without the two node configuration with the bottom-most 
node marked by a pull-down request. However, then the set of operations is 
increased and some operations must be made larger. 
Overview: All the Operations from within the Paper 

The Sequential Structure 

Figure: operations New leaf insertion, Up root, Up finish (T1 ∈ C_S, T2 ∈ C_L, |T2| = |T1| + 1), Up push, Remove finish (T1 ∈ C_L, T2 ∈ C_S, |T1| = |T2| + 1), Remove continue, Down root, Down finish 1 (T1 ∈ C_L, T2, T3 ∈ C_S, |T1| = |T2| + |T3|), Down finish 2 (T1 ∈ C_L, T2 ∈ C_S, |T1| = |T2| + 1) and Down push. 

The Relaxed Structure 

Figure: operations Delete mark, Insert recycle, Insert solve, the modified Remove continue, the modified Down push, the modified Down finish 2 (T4 ∈ C_L, T5 ∈ C_S, |T4| = |T5| + 1), Down cancel (|T1| ≥ 2, |T2|, |T3| ≥ 1, |T1| = |T2| + |T3|) and Down finish 3. 